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■ >V/:JAPIO Nov 1976-2l!^/Nov (Updated 040308) 

(c) 2004 JPO & JAPIO 
File 350:Derwent WPIX 1 963-2004 /UD, UM &UP=200417 
(c) 2004 Thomson Derwent 

Set Items Description 

SI 5735247 MESSAGE? ? OR EMAIL OR MAIL OR TEXT OR DATA OR INFORMATION 
OR CODE? ? OR VALUE? ? OR NUMBER? ? OR BYTE? ? OR BIT? ? OR W- 
ORD? ? OR PACKET? ? OR FRAME? ? OR DATAGRAM? ? 

32 / 14078 KEY? ?(7N) (BASE? ? OR BASING OR DEPENDENT OR DEPENDENCE OR 
RELIAN?? OR CONTINGENT OR HASH??? OR FUNCTION OR DERIV???) {7N- 
)S1 

53 1541731 S1{5N) (SEND??? OR SENT OR TRANSMIT? OR TRANSFER???? OR TRA- 

NSMISSION OR FORWARD??? OR RELAY??? OR CONVEY? OR PROVID? OR - 
PROVISION? OR DELIVER??? OR COMMUNICAT? OR EXCHANG? OR BROADC- 
AST??? OR DISTRIBUT??? OR RECEIV? OR OBTAIN?) 

54 24554 CIPHER? OR CYPHER? OR ENCRYPT? OR ENCIPHER? OR ENCYPHER? OR 

DECRYPT? OR DECIPHER? OR DECYPHER? OR UNENCIPHER? OR UNENCRY- 
PT? OR UNCIPHER? 

55 1510 S2 AND S3 AND S4 

56 10204 KEY? ?( 5N )( DEPENDENT OR DEPENDENCE OR RELIAN?? OR CONTINGE- 

NT OR FUNCTION OR DERIV???) 
3380 S6(7N)S1 
:A6 si AND S3 AND S4 
A KEY? ? (7N) S4 

SB AND S9 

il'^h^Gl MESSAGE? ? OR EMAIL OR MAIL OR TEXT OR DATA OR INFORMATION 
OR CODE? ? 
.112 2422 S6(7N)S11 

513 168 SIO AND S12 

514 886155 MESSAGE? ? OR EMAIL OR MAIL OR TEXT OR CODE? ? 

515 799 S6{7N)S14 

516 63 ■ S13 AND S15 

517 1064443^ S1(5N) (SEND??? OR SENT OR TRANSMIT? OR TRANSFER???? OR TRA- 

NSMISSION OR FORWARD??? OR RELAY??? OR CONVEY? OR DELIVER??? - 
OR COMMUNICAT? OR EXCHANG? OR BROADCAST??? OR DISTRIBUT??? OR 
RECEIV?) 

818 17126 KEY(3N) (ESTABLISH? OR GENERAT? OR GREAT???? OR FASHION? OR 

CONSTRUCT? OR FORM?? OR FORMING OR FORMATION? ? OR PRODUC????? 
OR DEVELOP? OR BUPLT OR BUILD?) 

SI 9 4865 KEY(5N) (COMPUTE OR COMPUTES OR COMPUTED OR COMPUTING OR DE- 

TERMIN? OR DISCERN? OR DERIV? OR CALCULA?) 

520 138 SIO AND S17 AND S18:S19 

521 95 S20 NOT S16 

522 61* S12 AND S21 

523 1236 SHARED 0 (KEY OR DATA OR INFORMATION OR VALUE? ? OR NUMBER? 

? OR CODE? ?) 

524 10 S5 AND S23 
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05482515 ^*Image available^* 

TRANSACTION INFORMATION PROCESSING METHOD, TRANSACTION INFORMATION 
PROCESSOR, AND INFORMATION RECORDING MEDIUM 



APPLICANT (s) : 

APPL. NO. : 
FILED: 
INTL CLASS: 

JAPIO CLASS: 



09-097315 [JP 9097315 A] " 
April 08, 1997 (19970408) 
MATSUMURA SHUICHI 
TAKAHASHI MASASHI 
YURA AKIYUKI 

TOPPAN PRINTING CO LTD [000319] (A Japanese Company or 
Corporation), JP (Japan) 
07-253277 [JP 95253277] 
September 29, 1995 (19950929) 

[6] G06K-017/00; B42D-015/10; GO 6K-0 1 9/073 ; G09C-001/00; 
G09C-001/00; H04L-009/32 

45.3 {INFORMATION PROCESSING Input Output Units); 30.1 
(MISCELLANEOUS GOODS Office Supplies); 44.3 (COMMUNICATION 
-- Telegraphy); 44.9 (COMMUNICATION -- Other) 



ABSTRACT 

PROBLEM TO BE SOLVED: To provide a transaction information processor 
which can surely detect an illegal use and data alteration and has an 
extremely high security. 

SOLUTION: An external processor 200 reads a card ID code and stored data 

(transaction relative data) out of the information recording medium 100. 

A diversifying function part 302 generates a diversification key 
according to the card ID code and a count value and a cipher key 
constituting the stored data and a ciphering function part 303 generates 

ridequacy information according to the diversification key and ciphering 
key and compares the information with adequacy information read out of 
. : : t 1. on recording medium 100 to judged the adequacy of the 
•.: : :■ : • recording medium 100. When a transaction is made, transaction 

: : ':\^*; a and adequacy information are generated with the transaction 

: J 'Wid d new automatically counted value and written in the information 

: V. !. r: i n.g medium 100. 
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ELECTRONIC APPARATUS AND ITS OPERATION CONTROL METHOD 



PUB. NO. : 
PUBLISHED: 
INVENTOR (s) : 
APPLICANT (s) 

APPL. NO. : 
FILED: 
INTL CLASS: 

JAPIO CLASS: 



09-044354 [JP 9044354 A] 
February 14, 1997 (19970214) 
KAWAMURA HARUMI 

SONY CORP [000218] (A Japanese Company or Corporation), JP 
(Japan) 

07-212633 [JP 95212633] 
July 28, 1995 (19950728) 

[6] G06F-009/06; G06F-001/00; G06F-013/00; G09C-001/00; 
H04L-009/32; H04N-007/167 

45.1 (INFORMATION PROCESSING -- Arithmetic Sequence Units); 
44.3 (COMMUNICATION -- Telegraphy); 44.6 (COMMUNICATION -- 
Television); 44.9 (COMMUNICATION -- Other); 45.2 (INFORMATION 
PROCESSING -- Memory Units); 45.9 (INFORMATION PROCESSING — 
Other) 

KKVW0RD:R131 (INFORMATION PROCESSING Microcomputers & 
Microprocessers ) 



ABSTRACT 

PROBLEM TO BE SOLVED: To enable other companies to use each independently 



• ; ' n-^^n' application b^^K: ransmi tting a control signal^^hich includes 
••.^:^-;ly (ieuermined cipher information and has a prescribed format, 
jpf ci icj iius on Che concrol side and setting the application to the 
suace by an apparatus on the controlled side in the case of 
ion c:: the control signal including preliminarily determined cipher 
: orma t ion . 



SOLUTION: When receiving a target key code from a target (2), a 
controller multiplies a cipher function by this target key code to 
calculate an application key code . An open command of the application to 
which the application number and the calculated application key code are 
added is transmitted to the target (3) . The target confirms whether the 
decoded result is equal to its own target key code or not; and if it is 
equal, the target validates the open command of the application K and 
enters into the open state chat the application can be executed. 
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05359599 **Image available*"^ 
INFORMATION RECORDING MEDIUM 



PUB. NO. : 08-315099 [JP 8315099 A] 

PliBL.TSHED: November 29, 1996 (19961129) 

I MVF.NTOR (s) : MATSUMURA SHUICHI 
TAKAHASHI MASAS HI 
• . :-'ANr:s): TOPPAN printing CO ltd [000319] (A Japanese Company or 
Corporation), jP (Japan) 
no.: 07-118799 [JP 95118799] 

• : ; F:;: May 17, 1995 (19950517) 

:NiTi. CLASS: [6] GO 6K-0 1 9 /O 7 3 ; G06F-012/14; G06F-017/60; G06F-019/00; 

G09C-001/00; H04L-009/00; H04L-009/10; H04L-009/12 

JAPIO CLASS: 45.3 (INFORMATION PROCESSING -- Input Output Units); 44.3 

(COMMUNICATION -- Telegraphy); 44.9 (COMMUNICATION — Other) 
45.2 (INFORMATION PROCESSING -- Memory Units); 45.4 
(INFORMATION PROCESSING -- Computer Applications) 



ABSTRACT 

PURPOSE: To provide an information recording medium capable of surely 
detecting illegal use or data alteration and having extremely high 

s e c: u r i t y . 



'"'ONSTITUTION : An external processor 2 reads out the ID code PI of an 
information recording medium 1, a transaction count value P2 and stored 
data P, Diversification function part 23 prepares a diversification 
key K' based upon the 10 code PI, the count value P2 and a cipher 
key K and a ciphering function part 24 prepares validity information 
based upon the key K' and the stored data P and compares the prepared 
information with validity information read out from the medium 1. When the 
medium 1 is valid and illegal action is not executed, the contents of both 
the information coincide with each other, so that the existence of 
iJleqarity or alteration can be surely judged. 



16/5/7 (Item 7 from file: 347) 
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04458922 ""^Image available"^^ 
FILE SECURITY SYSTEM 

PUB. NO.: 06-102822 [JP 6102822 A] 

PUBLISHED: April 15, 1994 (19940415) 
INVENTOR(s): HIRATA KOZO 

APPLICANT (s) : ROORERU INTELLIGENT SYST KK [000000] (A Japanese Company or 
Corporation) , JP (Japan) 



APPL. NO.: 03-273501 |W 91273501] 

FILED: September 26, 1991 (19910926) 

INTL CLASS: [5] G09C-001/00; G06F-012/00; G06F-012/14 

JAPIO CLASS: 4 4.9 (COMMUNICATION -- Other); 4 5.2 (INFORMATION PROCESSING 

-- Memory Units) 
JAPIO KEYWORD: R138 (APPLIED ELECTRONICS -- Vertical Magnetic & 

Photomagnetic Recording) 
JOURNAL: Section: P, Section No. 1770, Vol. 18, No. 376, 

14, 1994 (19940714) 



Pg. 51, July 



ABSTRACT 

(.:;••:: To ensure securecy of information by cyphering secret 
'Mr.duion by data cryptographic key and recording and transferring 
data cryptographic key cyphered by means of cryptographic key 



means . 



CONSTITUTION: A terminal sec 
takes a form of a black 
contents are automatically 
illegal reverse engineering 
cryptographic key TK itsel 
plain text information 
cyphers a data cryptog 
:MM;Liori of further cyphe 
:jrccessinq of the plain 
means itself is cyphered a 



urity unit 15 as a kind of cyphering devices 
box and a proper cryptographic key TK whose 
extinguished when unsealing is done e.g. by 
and aquired only by a user is sealed. The 
f has not a function for directly cyphering 
(X) , plays a role of a kind of master keys , 
raphic key DEX and is provided with the 
ring the ' key ' on algorism for cyphering 
text information. The data cryptographic key 
nd freely stored or transferred. 
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04352416 ^^Irriage available^^^ 
SATELLITE DATA BROADCASTING SYSTEM 



PUB. 



NO. : 

:SHED: 

:tor{s) : 

r-ANT is] 



. NO. : 
i^'I LED: 
INTL CLASS: 
JAPIO CLASS: 



JOURNAL: 



05-344116 [JP 5344116 A] 
December 24, 1993 (19931224) 
UENO NOBUO 

FUJITSU LTD [000522] (A Japanese Company or Corporation), JP 
( Japan ) 

04-151032 [JP 92151032] 
June 11, 1992 (19920611) 

[5] H04L-009/06; H04L-009/14; H04B-007 /2 12 ; H04L-012/18 
4 4.3 (COMMUNICATION Telegraphy); 34.4 (SPACE DEVELOPMENT 
-- Communication); 44.2 (COMMUNICATION -- Transmission 
Systems ) 

Section: E, Section No. 1530, Vol. 18, No. 174, Pg . 145, 

March 24, 1994 (19940324) 



ABSTRACT 

1"M!'0S:-:: To detect the noncoincidence of Iceys at a - receiving station 
vv:^::cui: decreasing the packet transmission capacity of transmitting 
information concerning the satellite data broadcasting system for 
ciphering and transmitting the transmitting information . 

CONSTITUTION: In the satellite data broadcasting system provided with 
a center station A and a receiving station B, the center station is 
provided with a key version number generating means 4 to generate and 
transmit the nvimber of versions for network keys, key information 
generating means 2 to generate key information by ciphering the network 
keys and adding the version number of key , and key edition number 
fetching function 31 added to a frame control code generating section 
^. The receiving station is provided with a key information 
receiving means 6 to separate the key version number from the inputted 
. 'r::.av. ion and CO store it, and key version number collating means 7 

. e rne key information receiving means with the respective key 
. , ': :.'j:nb(-^r extracted at a frame control code extracting section 5 and 
.•f.'jr Lhe collated result. 



# 
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;r;TiJR£ information ciphering method 



PUB. NO. : 
PUBLISHED: 
INVENTOR (s) : 

APPLICANT (s) 



A? PL. NO. : 
FILED: 
INTL CLASS: 
JAPIO CLASS: 

JOURNAL: 



(A Japanese Company or Corporation) , JP 

(A Japanese Company or Corporation) 



05-304614 [JP 5304614 A] 
November 16, 1993 (19931116) 
TOMITA YASUHARU 
SUZUKI MASAHIRO 
NEC CORP [000423] 
( Japan) 

NEC SHIZUOKA LTD [489142] 
, JP {Japan) 
04-083790 [JP 9283790] 
April 06, 1992 (19920406) 

[5] H04N-001/44; H04L-009/06/ H04L-009/14 

44'. 7 (COMMUNICATION -- Facsimile); 44.3 (COMMUNICATION - 
Telegraphy) 

Section: E, Section No. 1512, Vol. 18, No. 105, Pg. 149, 
February 21, 1994 (19940221) 



ABSTRACT 

PURPOSE: To hold a secrecy by providing a function which selects plural 
keys , and selecting a code key according to time information, in the 
cipherment system of a facsimile terminal equipment. 

* 7' ON : P'ccure informanion read by a photoelectric converting part 1 

i '-;:Tsad by a compressing part 2, and transmitted to a ciphering 
: !!' . 7he ciphering part 3 is constituted of a known data scramble 
: constituted of a shift register and an EX-OR circuit, and the 

ciphering part 3 operates the scramble of the inputted compressed picture 
information by writing a key as the initial value of the shift register. 
The ciphered compressed picture information is modulated by a modulating 
part 7, and transmitted from a network control part 8 to a line 9. A device 
control part 4 detects the time of a time part 19 set at a transmitter 
side, a password, and the time information" of the other party, and 
communicates them to a key selecting part 5. The key selecting part 5 
selects a matching/mismatching, operates a function arithmetic operation, 
and communicates the result to a key table 6. 
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03961342 *-^Image available** 
MESSAGE VERIFICATION SYSTEM 



PUB. NO.: 04-326442 [JP 4326442 A] 
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ABSTRACT 



[4)RP0SE: To obtain a tHlnnique which can certify the jusuif ication of a 
message which is received by an arbitrary person and can certify the 

justification of the transmission source of the received message in a 
communication network system which is utilized by unspecified and 

multiple registers through the use of an IC card having a ciphering 
function . 

CONSTITUTION: At the time of transmitting the message , one's name is 
signed to the transmitted message by using individual keys peculiar to 
the IC cards 11 and 15, and a cipher function, and the message with an 
electric signature is transmitted to a communication opposite party 
wii:h ID information . At the time of receiving the message , the 
individual key of the transmission source of the message is generated 
rrom a parameter for individual key generation and transmitted ID 
information , and the message with the signature is certified by using 
uhe individual key and the cipher function . Thus, the forgery and 
forge of the message and illegal impersonation by a third person can be 
prevented . 
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ABSTRACT 

To acuain communication processing on a required data while 
: L v^'/- 'ii i: .1 nq message communication from being concentrated by using a 

■e:.ved Loday's decoding key to decode a ciphered message based upon 
already received ciphering key of the same date. 
CONSTITUTION: A news board 10 having a disclosed key calendar 11 and a 
tioday's decoding key 12 transmits a ciphering key of a data 
specified by a ciphering key request to a requesting source at the 
time of receiving the request from the requesting source, or transmits a 
today's decoding key at the time of receiving a today's decoding key 
request from the requesting source. A work station 30 is provided with a 
message communication function means 31, which includes a ciphering 

;r.r:ion raeans 32 for ciphering a message to be transmitted by using 
: :^^'^oived ciphering key and a decoding function means 33 for 

riiiKj a message ciphered by the received ciphering key of the 
Sf::ne dace. Consequently, message communication on a network 20 can be 
prtfvenced from being concentrated and a message can be transferred to a 
required destination on a required data. 
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ABSTRACT 

PURPOSE: To secure a double high-grade information protecting function 
for both a key code and an enciphered algorithm by using an IC card 
as a memory device for dial numbers and enciphering the dial number 
i.o^;ei:her with the key code supplied for decoding through the dial digit 
i' the IC card telephone when the dial number is stored in the IC 



'::;NSTITUTI0N : An IC 12 card is put into a reading device 15 and a key code 
IS inputted by means of the dial digit buttons 4 of a telephone, A CPU 7 
set at the inside of the device 15 collates the input key code with the key 
code registered on the card 12. Then a command signal is delivered only 
when coincidence is obtained between both key codes . When an automatic 
dial transmission button 5 is pushed, the CPU 7 sends a request signal to 
the card 12 to extract the dial number data corresponding to the pushed 
button 5 and reads an enciphered dial number out of an EEPROM chip 14 to 
send it to the CPU 7. This dial number is decoded and restored to the 
original dial number . Then this original number is sent automatically 
' - 'i *e"lephone circuit via a telephone main body circuit 9. 
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ABSTRACT 

PURPOSE: To reinforce a furtive glance and eavesdropping preventive 
function by ciphering a key code signal given to a scramble decoder 
in relation to an intrinsic address signal from an address unit. 

"'^MSTITUTION : A scramble decoder which receives an information from the 
• •.•'-r ihrouqh a converter 21 sends out a data information to a 
• • : . I'-'i 23. In this case, an intrinsic address signal from an address 
ri\\6 a ciphered key code from a PROM24 are inputted to the 

r.ciier 23. The controller 23 operates the key code which is compared 
wiih Che supplied data information and is ciphered , and the intrinsic 
address, and supplies a normal key code obtained as its result to a 
scramble decoder 22. By executing the processing in this way, the furtive 
glance and eavesdropping function can be reinforced. 



(Item 14 from file: 350) 

U'^ :R) F±ie 350:Derwent WPIX 
■) 2004 Thomson Derwent . All rts. reserv. 



012b37854 **Image available** 
WPI Acc No: 1999-443958/199937 
Related WPI Acc No: 2002-655071 
XRPX Acc No: N99-331117 

Point-of- distribution stored value card activator 
Patent Assignee: VISA INT SERVICE ASSOC (VISA-N) 
Inventor: DAVIS V M; ROTH J R; ROTH J T 
Number of Countries: 084 Number of Patents: 005 
Pa cent Family: 



Pan 


enc No 


Kind 


Date 


Applicat No 


Kind 


Date 


Week 


WO 


9933033 


A2 


19990701 


WO 


98US27073 


A 


19981218 


199937 B 


AU 


9919324 


A 


19990712 


AU 


9919324 


A 


19981218 


199950 


EP 


1040456 


A2 


20001004 


EP 


98964134 


A 


19981218 


200050 










WO 


98US27073 


A 


19981218 




US 


6298336 


Bl 


20011002 


US 


9768196 


P 


19971219 


200160 










us 


98216509 


A 


19981218 




AU 


758710 


B 


20030327 


AU 


9919324 


A 


19981218 


200330 



Priority Applications {No Type Dace) : US 9768196 P 19971219; US 98216509 A 

1 '^981218 
r iOeLails : 

:-:■-;:=- *No Kind Lan Pg Main IPC 
>;;'■ A2 E 53 G07F-007/10 

;\-signai:ed States (National): AL 

CZ DE DK EE ES FI GB GD GE GH GM 

LK LR LS LT LU LV MD MG MK MN MW 

TJ TM TR TT UA UG US UZ VN YU ZW 

Designated States (Regional): AT 

IE IT KE LS LU MC MW NL OA PT SD 
AU 9919324 A G07F-007/10 
EP 1040456' A2 E •G07F-007/10 

Designated States (Regional): BE 
US 6298336 Bl G06F-017/60 
AU 758710 B G07F-007/10 



Abstract (Basic): WO 9933033 A2 

NOVELTY - Activator comprises a card dispensing machine with cards 
which have a security code derived from an issuer key . A secure 
application module has the issuer key and an encryption module 
deriving the security code . An activation control counter limit is 
checked and when it reaches a limit activation of the card is aborted. 

USE - Activator is for activating smart cards at the point of 
dist r ibut ion . 

ADVANTAGE - Activator prevents theft of cards, minimizes losses to 
an insurer if a card is stolen and reduces card security costs. 

DESCRIPTION OF DRAWING (S) - The drawing shows a stored value card 
rurc i va t ion system. 
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Encryption key transRr method in data communication system - 
involves forwarding message including signature and specific 
exponentiated function from one correspondent to that of other which 
utilizes message to compute specific session key 
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Absuract (Basic): US 5896455 A 

NOVELTY - A message including a signature (SA) and specific 
e:-:ponene ia ted function is forwarded from correspondent (10) to a 
correspondent (12). The correspondent (12) utilizes the signature to 
verify the value of exponentiated function in the message . A 
session key (K') is computed by the correspondent (12) by 
exponentiating the exponentiated function by a private key (b) . 
DETAILED DESCRIPTION - The correspondent (10) selects a random integer 
(x) and exponentiating a specific function. The correspondent (10) 
computes session key (K) from public key (PB) of correspondent (12) . 
The correspondent (12) utilizes public key (PA) of the correspondent 
(10). The session key (K) is computed by exponentiating function of 
public key (PB) of correspondent (12) with the function signature (SA) . 
USE - In data communication system. 

ADVANTAGE - The protocols are modified to improve bandwidth 
requirements and computational efficiency of key agreement. DESCRIPTION 
OF DRAWING (S) - The figure represents schematic representation of data 
communication system. (10,12) Correspondent. 
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Verifying cryptographic postage evidencing method using fixed key set - 
generating several random verifier master keys which consist of fixed 
number of keys and generating pointer by applying pseudorandom algorithm 
to data unique to transaction evidencing device 
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The method involves generating several random verifier master keys 
(18) to obtain a set (100) of verifier master keys consisting of a 
fixed number of keys, A pointer is generated by applying a pseudorandom 
algorithm to data unique to a transaction evidencing device (12) . 
Several verifier token keys (34) are calculated to obtain a verifier 
token key set corresponding to the set of verifier master keys. 

The verifier token key set is encrypted with a privacy key . 
The verifier token key set and the privacy key are distributed to 
verifiers (60). Master keys are distributed to postal and vendor 
data centres. The token keys are a function of the verifier master 
keys and a code valid for a limited time. The code is function of a 
■i'Vf^ d(=*pendent parameter. The pointer algorithm is an appropriate 
: i r.';-^y c rypr. oq raph ic algorithm. 

'VANTAGE - i;np roves security of digital meters by providing 
s.i-.r liried means for posts to validate indicia in real time. 
i3wq .2/7 

r::„!e Terms: VERIFICATION; CRYPTOGRAPHIC; POSTAGE; METHOD; FIX; KEY; SET; 

GENERATE; RANDOM; VERIFICATION; MASTER; KEY; CONSIST; FIX; NUMBER; KEY; 

GENERATE; POINT; APPLY; ALGORITHM; DATA; UNIQUE; TRANSACTION; DEVICE 
Derwent Class: TOl; T05 

International Patent Class (Main) : G07B-017/00; G07B-017/02; H04L-009/00 
International Patent Class (Additional): H04L-009/32 . 
File Segment: EPI 



16/5/32 (Item 19 from file: 350) 

ALOG (R) File 350: Derwent WPIX 
[r.) 2004 Thomson Derwent. All rts. reserv. 

011930924 -^--^-Image available** 

WPI Acc No: 1998-347834/199830 

XRPX Acc No: N98-271524 

Encrypting data communication method e.g. for distributed 
computer system - involves encrypting data message with encryption 
function using transmission encryption key to produce ciphertext 
message 

Pa::enu Assignee: DIGITAL EQUIP CORP (DIGI ) 
or: SFRATTE M 
: Co'jnU'ies: 001 Number of Patents: 001 

Kind Dace Applicat No Kind Date Week 
'hA !..b A 19980609 US 96661425 A 19960611 199830 B 

rri.ority Applications (No Type Date): US 96661425 A 19960611 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 5764766 A 6 H04K-001/00 

Abstract (Basic): US 5764766 A 

The method involves generating a salt at a data transmitting 
system. The salt is then combined with a primary encryption key 
known at the data transmitting system and a data receiving 



system. The primary elRyption key and the salt are^^shed to 

produce a transmitting encryption key . 

A data message with an encryption function is encrypted using 
the transmitting encryption key to, produce a ciphertext message. 
The salt and the ciphertext message are then transmitted to the 
data receiving system. 

ADVANTAGE - Prevents timing problems. Avoids use of large 
enciryption keys . 
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Abstract (Basic) : EP 840478 A 

The digital signature method is used on a network (101) of 
computers. A first user (A) generates a message (110) that is passed to 
a second user (B) cor comment (114) before passing to a final user (C) . 
The message has a digital signature for the first user formed using a 
hashing system to find a first value . A number is obtained by 
uranslating a random number and its has value found. The values are 
combined as the digital signature. 

To verify the signature, the hash value of the message is formed. 
A number is obtained via a public key (Q) using a base point (P). 
The hash of this is compared with the signature. 

ADVANTAGE - Provides a digital signature method that has high 
security and uses a short bit length for the signature. 
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The communication method comprises the steps of providing an LDS 
reference station, having location coordinates that are known with high 
accuracy, the reference station having an LDS signal antenna and 
associated LDS signal receiver/processor for receiving and processing 
location determination signals, or ' ' LD signals'', from several LD 
signal sources to determine spatial location and clock coordinates for 
that station. An LDS mobile station is provided having an LDS signal 



i.'.'onrici and associa t ed^Rs signal receiver/processor foiKeceiving and 

processing LD signals from several LD signal sources to determine 
spatial location and clock coordinates for that station. 

Each reference station and mobile station are caused to receive LD 
signals from several LD signal sources, numbered j = l, 2, . . . M[(iyi 
greater than or equal to 2)], with M greater than or equal to 2, in 
common view with each other, and to determine the LD signal values 
LD(t;i;j) as a function of time t for that station, numbered 
i=reference and i=mobile, from the signals received from the M common 
view LD signal sources. The reference station determines location 
determination adjustment signal values, or ' ' LDA signal values*', 
LDA{t;ref;j) at one or more times t that, when added to the LD signal 
values LD(t;ref;j) available at the reference station for the time t, 
produce spatial location coordinates that approximately agree with the 
known spatial location coordinates for the reference station for the 
time t. 

The LDA signal values LDA { t ; ref ; j ) are then provided in an 
encrypted form for the mobile station for a sequence of at least two 
consecutive times t=tl, t2, . . . , tn, tn+1, . . 

USE/ADVANTAGE- GLONAS, LORAN-C systems. Allows temporary cut off of 
transmission when magnitude of velocity of mobile station is either 
zero or is below small velocity threshold so eavesdropper has less 
information to use for decoding information contained in messages 
transmitted . 
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which produces symmetrical code key that is shared by first communication 
terminal and second communication terminal 
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The system uses two communication terminals (1,2) each with a 
secret data generator (11,21) which generates first and second secret 
data (Ra,Rb) respectively. An intermediate key generator (12,22) forms 
an intermediate key (Xa,Xb) limited by a prime number. 

An open key generator (13,23) forms an open key (Ya,Yb) by a 
primitive soln. multiplied to the intermediate key value . 
Communication interfaces (14,24) perform data switching between the 
communication terminals. A code key generator (15,25) generates a 
symmetrical code key (K) which is shared by the two communication 
t? rmi na 1 s . 

ADVANTAGE - Prevents code key leakage due to function code 



key generator. EnablesBRigh-speed enciphered data C^Coding using 
small-scale hardware due to function of code key . 
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a cipher text message of the form c(a,b,d) = F (S (a, b, d) , k (a, b, d) ) to 
a number of parties 'b' . 

P(a) is a public key of the party 'a', and S(a) is a secret key of 
party 'a'. A function g[S(a)] = P{a) mod p, where p and g are integers. 
! is a public key of party 'b', and h is a one-way hash function. 

■ * : indicaues a has function abd d is a time interval. The term 
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.■,a/o,d) = h(S(a,d), P(b)), and k{a,b,d) = h ( P (b) [S {a ) ] , d) and is 
: session key valid for a time d. 

USE/ADVANTAGE - Facilitates warrants for wire-tapping for bounded 
time periods. Provides reasonable protection against misuse, greater 
privacy protection and more effective law enforcement. Can be used to 
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The method involves generating a message. A device file name is 
retrieved along with a set of identification information . A first 
key code is derived from parameters. The identification 
information is processed using the first key code to derive a 
set of processed identification information . 

The processing takes place before being sent to the receiving 
riovice. The identification information and the message are encrypted 

the first key code. The device file name, the processed 
information and the message are sent to the receiving device. 

device file name is sent to the receiving device in unencrypted 
I arm . 

ADVANTAGE - Provides highly secure user to provider link. Provides 
inexpensive and generally applicable system. 
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Abstract {Basic} : WO 9515633 A 

The secure encryption system uses a public key is derived from 
: pi.ivaLe key using mathematical operations which are equivalent to 
".xoorienLia cion in finite fields. Encryption involves generating a 
:.:ric:u!n initialisation key which is used to exponentiate the 
.:o!nponents of the message receiver 's public key to produce initial 
values for a pseudo random binary mixture generator. In addition it is 
used to compute an open key by exponentiating an initial known 
generator state. 

Cipher text is produced from plain text by clocking the mixture 
generator from the initial value and combining the output key stream 
with the plain text . The open key is also transmitted . 
Decryption uses the open key to set the initial value of another 
mixture generator, 

USE/ADVANTAGE - Authentication of digital signatures. Any attacker 
is required to compute logarithms over finite fields. Degree of 
c ryptanalyt ic difficulty is known. High speed operation. High security 
with minimum length of ciphertext . Implementation is simple and 
efficient . 
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Abstract (Basic) : WO 9321711 A 

The detection process assigns the signature to the useful data 
symmetrically coded using a code key dependent on coupling 
data (K) transmitted between the data transmitter and receiver 
. The coupling data are combined with random data provided by a 
random generator. 

The coupling data are transmitted uncoded and the random data 
are coded, the coupling data pref. being dependent on the 
transmission or reception time for the data . 

ADVANTAGE - Allows detection of data which have been tapped and fed 
back into the system with detection of alteration to transmitted 
data . 
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Abstract (Basic) : US 5073935 A 

A first party is provided with a set of numbers that have the 
property that when encrypted using an RSA encruption key the 
resulting set of encrypted numbers is of an order substantially 
smaller than that of the original set. If the encryption key and 
the original set of numbers are of the order of 200 decimal digits then 
the resulting set of encrypted numbers may be of the order of 15-30 
decimal digits. To communicate a message the first party selects a 
number from the originals set and applies a hashing function to the 
selected number to obtain a 64 binary bit DES key . The selected 
iijiaber is then encrypted with the RSA key and a message is 
encrypted with the DES key obtained. 

The encrypted message and the encrypted selected number are 
combined and the combined message is sent to a second party who has 
the corresponding RSA decryption key and knows the hashing 
function . The second party then decrypts the number , applies the 
hashing function to obtain the DES key and decrypts the 
message . 

USE/ADVANTAGE - Esp . in finance industry for secure transfer of 
funds. The parties may communicate with substantially the security of 
RSA while significantly reducing the minimum message length which may 
be securely encrypted . (7pp Dwg.No.2/2) 
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The arrangement for transmitting codes is intended for a 
number of subscriber stations (TLN A, TLN, B) , where a code is 
accep.ted for communication between sending and receiving stations. 
Coding equipment for the agreed code is provided in the stations 
which are given a recognicion code . The communication system is 
i pp'^d wi. t.h an arrangement for authenticating a subscriber in the 
1^' . i • :'.jnsmi ss i ons . 

• : • : cn the desired degree of security in any transmission, 

• : : -.M':jernenL can adopc an appropriate checking response. There are 
' v;-' s^.o^^rf-s or grades of security. The first is intended for speech 

• rrjnsrnissions and employs a reduced scheme, while the second is more 
complicated and uses a central station (SMZ) for checking purposes. 

USE/ADVANTAGE - Improvement is security for subscriber without 
undue expense. Suitable for data processing systems. ( 9pp Dwg.No.2/5 
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Encoding messages in communication network - simplifying key 
management where unique cryptographic keying relationships are required 
end-to-end between pairs of parties 

• r • ::i Assignee: INT BUSINESS MACHINES CORP {IBMC 

: :v/.-rVuor : LEE S G; SMITH P R 

Nuifiber of Countries: 007 Number of Patents: 006 
Patent Family: 

Applicat No Kind Date 
EP 87303503 A 19870422 198843 B 



) ; IBM CORP (IBMC ) 



Patent No 
EP 287720 
JP 63274242 
US 4912762 
EP 287720 
DE 3775924 
CA 1315367 



Kind 
A 
A 
A 
B 
G 
C 



Date 
19881026 
19881111 
19900327 
19920108 
19920220 
19930330 



US 88182555 



CA 564730 



19880418 



19880421 



Week 
198843 
198851 
199018 
199203 
199209 
199318 



Priority Applications (No Type Date) : EP 87303503 A 19870422 
Cited Patents: 4.Jnl.Ref; WO 8102655 



Patent Details: 
Patent No Kind Lan 
EP 287720 A E 

Designated States 
EP 287720 B 

Designated States 
CA 1315367 C 



g Main IPC Filing Notes 
9 

(Regional) : DE FR GB IT 



(Regional) : DE FR GB IT 
H04L-009/00 



Absuracu (Basic): EP 287720 A 

A first set of modes transmits and receives messages to and 
irom a second set of nodes, each node in each set having an 
idenui f ication code unique to that set. Common cryptographic keys 
are derived for each set of nodes. At each node of the first set, the 
common key and a value derived , dv, from the encryption of the 
key are stored with the node identification code. 

A message encryption key is derived from a combination of 
uhe destination node identification code encrypted by the set 
'joi-amon key and the stored derived value , dv, whenever a node of 
one sec has a message to transmit to a node of the other set. 

■\S:*: - Neuwork including large population of user terminals which 
• communicate wich any one of several data processing centres. 
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Enciphering and deciphering digital data signals - has control unit 

with input connected to text generator and output connected to 

enciphering unit to provide key 
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Absi.racL (Basic) : EP 267647 A 

"'he data signals to be enciphered are processed with aid of a 
key derived from a key text . The nature of the processing 
operation performed on the data signals to be enciphered is 
determined by an instruction command which is also derived from the 
key text . The enciphering unit (11) has an input (10) for 
receiving clear digital data signals. A control arrangement (13) has 



'in input connected to key text generator (17) and ai^^utput is 

* " fid iio the enciphering unit for providing (14) a key . 

A second output is connected to the enciphering unit for 
L : '•/.:j..nc: (lb) iihe instruction command. The enciphering arrangement 
::.'ljc.ies a circuit for enciphering a character of the digital data 
s.ignais under the control of the instruction command and the key 
character . 

ADVANTAGE - Error propagation due to any type of transmission 
errors is prevented, and number of processing operations which can 
performed on clear text /key combination is large. 
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ABSTRACT 

PROBLEM TO BE SOLVED: To provide an information distribution method 
where a sending terminal sends a cryptographic key that is hidden against 
other terminals ad a receiving terminal and the receiving terminal performs 
the decoding processing by means of the hidden cryptographic key. 

SOLUTION: A sending terminal hides a decoding cryptographic key against 
other terminals and a receiving terminal and sends this cryptographic key 
to the receiving terminal. The receiving terminal use the hidden 
cryptographic key to produce and carry out a decoding processing 
application 4 . A layer 6 is prepared between a secret communication 
protocol layer 5 and the application 4 to treat the cryptographic key for 
i:he software which is used by the receiving terminal. Thus it is possible 
CO hide the contents of the cryptographic key that contain a function which 
stores plural cryptographic keys by means of a secret communication 
protocol, a function which decodes the cipher information by means of 
the cryptographic keys , a function which erases the cryptographic keys 
out of their treating layer, and a function which shows a cryptographic 
key identifier to the application 4 for designation of one of these 
cryptographic keys. 
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ABSTRACT 

PURPOSE: To reduce the communication quantity by devising the method such 



'hd;, an au t hent i f ica t ion W^tion authenticates only a radio terminal and a 
ciphering key between a base station and the radio terminal is shared 

■ :: common . 

CONSTITUTION: A radio terminal sends an authentication number PSi to a 
base station and the base station generates a random number Rl and sends 
it to the radio terminal. The radio terminal receives it to generate a 
random number R2, an authentication information generating means 103 
synthesizes the numbers Rl, R2 and secret information Sppi to obtain an 
authentication number .sigma.ps and it is sent to the base station 
together with the random number R2 . The random numbers Rl, R2, the 
authentication number PSi and the authentication number .sigma.ps are given 
Mfi auchenticacion information check means 105/ which authenticates the 
: ; Lerminal as che terminal having the PSi when the result of check is 
"•K, dd che radio terminal and the base station generate a common 
ciphering key by common share means 106a, 106b. Thus, a random number 
required for mutual authentication consists of key common share 
information and a function in the device to reduce number of random 
numbers to be converted thereby reducing the communication quantity. 
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Displayable data delivery method for distributed processing system, 
involves encrypting primary digital data using unique key derived 
from ID label in received data to generate secondary digital data 
for transmission 
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Abstract (Basic) : US 6609202 Bl 

NOVELTY - Two sets of digital data containing the identification 
(ID) label and having mutual relation is defined and primary data is 
forwarded to the remote processing units (310,340). The encrypted 
secondary data is generated by encrypting the primary data using a 
unique key , after receiving the ID label from the processing units. 



The encrypted data transmitted to remaining pr^^ssing units. 

USE - For online delivery of displayable data in distributed 
data processing system utilized in video data , games and television 
data distribution through computer networks. 

ADVANTAGE - Unauthorized use of the digital information is 
prevented since the information providers control the encryption 
algorithms and keys effectively, 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
Che information distribution and processing system. 

information distribution and processing system (300) 
processing units (310,340) 
processors (312,314) 
output unit (322) 
pp; 13 DwgNo 1/4 
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Data decrypting device of data securing medium for protecting digital 
video disk recordings from home copying and commercial piracy 
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Abstract (Basic) : US 6005940 A 

NOVELTY - A reader (20) reads encrypted data and the unique 
decrypting information stored with each frame of encrypted data 
h-d transmits the decrypting information to a transponder (2). 
"'r,i- Liansponder includes a deciphering engine to decipher the 
received information into a decryption Icey , and transmits the 
key 'CO the reader. A decryption circuit in the reader decrypts the 
read data using the key . 

DETAILED DESCRIPTION - The unique decrypting information is the 
serial number of the frame . An energy coupling circuit provides 
energy to the transponder. The transponder includes a stored data key 
which is combined in algorithm with the decrypting information to 
derive the decryption key . An INDEPENDENT CLAIM is also included 
for data decrypting method. 

USE - For protecting digital video recordings from home copying and 
commercial piracy. 

ADVANTAGE - Offers data medium of encrypted data which frustrates 
the manufacture of illicit copies of the data medium. The non-volatile 
memory storing secret deciphering key is configured to maintain 
secrecy and avoid an illicit decryption of optical disk carrier such 
as DVD, audio CD or CD-ROM. 

DESCRIPTION OF DRAWING (S) - The figure shows a CD-ROM or DVD having 
self-contained transponder for calculation a decryption keys . 

Transponder (2) 
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Abstract (Basic) : US 6002770 A 

NOVELTY - Two characteristic information signals such as 
fingerprint information signals from users of two remote stations 
(12,14) are obtained and a sequence of random characters is generated 
to obtain a key . A key function and a Fourier transform of the key to 
represent the function are obtained . 

DETAILED DESCRIPTION - Atleast one encrypted version of the key 
is obtained based on the Fourier transform. One of the two signals is 
also obtained such that the key may be recovered by writing the 
encrypted version to a correlator (21) and inputting either of the two 
signals to the correlator. The encrypted version is stored at each of 
the two stations, thereafter any message encrypted in such a way may 
be decrypted at either of the two stations by retrieving the stored 
key. Obtaining the characteristic information signals involves 
obtaining optical beams modulated with biometric images of the 
fingerprint of the respective users of the first and second stations. 
The beams are registered in a two-dimensional plane and digitized. 
Obtaining first information signal involves encrypting the 
registered beam with a preselected key to obtain an encrypted first 
biometric signal and sending it to the second station. The preselected 
key at the second station is utilized to decrypt and obtain the 
encrypted key at the second station. Obtaining key representing 
function at the first stacion involves encrypting the function with a 
preselected key and sending the encrypted function to the second 
station. The preselected key at the second station is utilized to 
decrypt the function and the encirypted key is obtained at the 
second station. 

USE - For executing data transmission in internet. 

ADVANTAGE - Provides for secure transmission of data . A 
different biometric information signal such as a vein structure or an 
iris pattern can be input . The decryption key is released only by 
applying the finger print of the appropriate user. 



DESCRIPTION OF DRAmmG{S) - The figure shows schemaCTT view of the 
encrypted key function processor. 
Remote stations (12,1^) 
Correlator (21) 
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Abstract (Basic): WO 9935776 A2 

NOVELTY - The system has a vector acceptor to receive input binary 
digit: vectors and a data key expands pseudo-random number generator 
r: -^^')i)-\s a user provided input data key , and to generate and 

^ ;■ -i data key dependent sequence of pseudo-random numbers . 
i 'rAlr.ED DESCRIPTION - A first logarithmic signature container 
^-oncains a first logarithmic signature which consisting several 
J Lne-na L ica 1 construct blocks. Each mathematical construct block 
concains cwo permutations of a sequential number of numbers. A second 
logarithmic signature container which contains a second logarithmic 
signature which consists of several mathematical construct blocks. Each 
mathematical construct block contains two permutations of a sequential 
number of numbers. A primary mathematical operations accepts a sequence 
of pseudo-random numbers and accessing the first logarithmic signature 
container, and accessing the second logarithmic signature container, 
and applies direction found in a sequence of pseudo-random numbers to a 
first logarithmic signature caused to be contained in the first 
loqarichmic signature conuainer, to the end that a second logarithmic 
signature is produced by the primary mathematical operations and caused 
iio be contained in the second logarithmic signature container. A 
primary factorization device determines, accesses and concatenates into 
a primary factorization output vector, binary pointers which identify 



locations of permutati^^ in a second logarithmic signatT^e caused to 
be present in the secondary logarithmic signature containing device, 
which permutations, when sequentially composed, duplicate a vector 
caused to be input into the primary factorization device. In use a user 
defined data key is input to the data key expanding pseudo-random 
number generator and the data key expanding pseudo-random number 
generator outputs a sequence of pseudo-random numbers in response. In 
use the sequence of pseudo-random mimbers is received by the 
primary mathematical operations and caused to direct alteration of a 
first logarithmic signature caused to be contained in the first 
logarithmic signature container, to the end that a second logarithmic 
signature is produced and caused to be contained in the second 
logarithmic signature container while preserving a property of 
logarithmic signatures requiring that they be a collection of ordered 
rnachematical construct blocks in which each input vector encrypted by 
Li L i. 11 za t ion of it can be uniquely represented as one, and only one 
•■oiP.posicion of permutations which are present in the logarithmic 
-i-inaLure, one so permutation subjected to composition is selected from 
t}ach ordered mathematical construct blocks. In use one input vector 
consisting of a sequence of binary digits, is input, to the primary 
[iactoriza t ion device from the vector acceptor to receive input binary 
digit vectors and is utilized by the primary factorization device to 
determine selection of permutations present in the mathematical 
construct blocks of the second logarithmic signature which when 
sequentially composed result in the input vector. In use the primary 
factorization device assigns identified permutations in each of the 
mathematical construct blocks of the second logarithmic signature 
present in the second logarithmic signature container, a binary digit 
pointer which identifies the permutation location within the second 
logarithmic signature, and so- that in use the primary factorization 
device further sequentially concatenates the determined binary digit 
location pointers into a once encrypted vector version of the input 
vector input to the vector acceptor to receive input binary digit 
vectors and makes the once encrypted vector version of the input 
vector available as output from it. An INDEPENDENT CLAIM is included 
for a method of encrypting input vectors and/or providing a 
sequence of pseudo random numbers . 

USE - For secret key cryptosystems . 

ADVANTAGE - Scalable to any' input/output block size 1 and performs 
encryption / decryption at very high data rates. 

DESCRIPTION OF DRAWING (S) - The figure shows a two stage 
encryption systems sequentially composing factorization and 
composition devices. 
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Abstract (Basic) : EP 660565 A 

The communication, method involves creating pieces of information 
at a network centre, pref. random numbers, independent for every 
combination of two network entities. The centre delivers to each 
entity the random numbers corresp. to combinations involving the 
•i^nuity. A sender entity selects the delivered random number 
'■^-.rresp- to the combination including the destination entity. 

The sender entity encrypts communication text using an 
encryption key determined from the selected random number. The 
ciescinacion entity selects the random number corresp. to the 
combination of itself and the sender entity. It uses it to determine 
an encryption key for decrypting the received cipher text . 

USE/ADVANTAGE - Enables simple and safe encryption key sharing 
without preliminary communication between entities. Secret keys are 
safe against collusion between entities. 
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Abstract (Basic) : WO 9515629 A 

The method for establishing secure communication between two 
stations involves providing a set of stored seed keys to the linked 
encryption / decryption units (EDUs) . Each EDU randomly generates 
pointers which determine the number of times that a loop is repeated in 
which values are logically combined and encrypted , using one of the 
.'•^^•rd keys to determine a portion of the data encryption key . 

encrypted key header is produced and transmitted to the 
- ' 7he header is decrypted by the receiving EDU and its 

I ;.sed CO determine che portion of the data encryption key 
, developed by the other EDU. The two portions are then logically 
•::rc:ned at each EDU to produce the final DEK and permit secure data 
exchange to take place. Pref., each station is provided with three 
identical seed keys. 

USE/ADVANTAGE - Allows secure transmission to be achieved over 
non-secure communication link without explicit transfer of key data 
or use of public key. 
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Abstract (Basic) : WO 9501684 A 

The subscriber unit has a memory which contains an identifier for 
the unit, two items of shared-secret data, a random challenge, and 
instant-specific information. A processor is coupled to the memory for 
generating an authentication message as a function of the first 
shared-secret data, the random challenge, and the instant specific 
information . 

A key generator is coupled to the memory to generate a 
session key as a function of the two shared secret data , the 
random challenge and the instant specific information. An encrypting 
unit is coupled to the key generator to encrypt dialled digits 
identifying a target " communication unit, using the session key as an 
encryption variable. A transmitter is connected to the memory, the 
processor and the key generator for transmitting in a single 
message the first subscriber identifier, the authentif ication message 
and the encrypted data. 

USE/ADVANTAGE - Radio telephone and paging systems. Provides 
efficient real time authentication method and appts. using single 
message to provide authentication and communication link set-up 
information . 
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\ihs\ c) : EP 484862 A 
': rie communicacion syscem includes two pieces of communication 
• (lOOA, lOOB) interconnected via a transmission medium, e.g. line 

;10L). Both appts. have transmit (12A, 12B) and receive (13A, 13B) 
circuits. One has a conversion circuit (17A) for encrypting an 
information signal to be transmitted (A) to the second utilising a 
signal (8* } received from it. 

The second appts. has an information memory (23B) for storing as 
key information , information (B) it transmits to the first appts. 
It also has an inverse conversion circuit (18B) for decoding a received 

encrypted signal (A') using the key information read out of 
information memory. 

ADVANTAGE - Key information varies with transmitted signal 
from which it is derived, providing highly secure communication system. 
Simple construction. 
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Fulltext Availability: 
Claims 

Claim 

1, A system for transmitting digital data to a plurality 
of users on demand, each user having an associated unique 
identity code , the system comprising means for receiving 
b iTrom a user that user's identity code together with a demand 
for specified digital data and, in response thereto, 
encrypting the demanded data, using as an encryption key a 

function of that user's unique identity code , and 

transmitting the encrypted data to the user, 

2 A system as claimed in claim 1, wherein the encryption 
key is identical to the received unique identity code . 

A system as claimed in claim I or claim 2, wherein each 
'...ser's unique identity code represents credit card data. 

'1 A syscem . . . 

. . . second sequence of bits by individually transforming each 
bit of said first sequence into a corresponding bit of said 
second sequence in dependence on said encryption key . 

5y-^A method of transmitting digital data to a plurality of 
^users on demand, , each user having an associated unique 
identity code , the method comprising receiving from a user 
that user's identity code together with a demand for 
specified digital data and, in response thereto, encrypting 
the demanded data, using as an encryption key a function of 
chat user's unique identity code , and transmitting the 
encrypted data to the user. 

6 A method as claimed in claim 5, wherein the encryption 
key is identical to the received unique identity code . 

7 A method as claimed in claim 5 or claim 6, wherein each 
user's unique identity code represents credit card data. 

8 A method . . . 
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C .1. a 1 ai 

. . . to allow the 

sender to identify from the master signature said 
second subset of bytes; and 

using said second subset of bytes to encrypt 
the message at the sender and when the encrypted 
message is received at the receiver, to decrypt 
the received message at the receiver. 



1 9 The method of . . . 



.step of 

using said second subset of bytes to encrypt the 
message at the sender and to decrypt the received 
message at the receiver comprises: 

deriving an encryption key at both said 
sender and said receiver from said subset of 
bytes ; 

encrypting at the sender the message to be 

sent to the receiver using said encryption key ; 

sending said encrypted message to the 

receiver ; and 

;if^rryprinq the received message using the 
encryption key originally generated at the 
•■ ^ :v-^:', whereby the second subset of bytes from 

-.he encryption key is derived is never 
• L r.snii u c ed between the sender and the receiver. 



20 The method of generating an encryption key 

for use in encrypting information to... said second subset of bytes to 
encrypt the 

message at the sender and said means for using said 
second subset of bytes to decrypt the received message 
at the receiver comprise: 

means for deriving an encryption key at said 
sender from said subset of bytes; 

means for deriving the same encryption key at 
said receiver from said subset of bytes; 
means for encrypting at the sender the 
message to be sent to the receiver using said 

encryption key ; 
means for sending said encrypted message to 



the receiver; and 
means for decrypting the received message 
using the encryption key derived at the receiver, 
whereby the second subset of bytes from which the 

encryption key is derived is never transmitted 
between the sender and the receiver. 

64 Structure for generating an encryption key 
for use in encrypting information to be transmitted 
from a sender to a receiver which comprises : 
means for generating a master signature 
associated with a senders- 
means for storing.,. 
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Claims 
Claim 

. . . a one way hash 

: 'J ion ; 

■■ : r'vvi-ijng to a wiretapper terminal connected to 
: . t ^.''-.work sufficient information to permit said 
: • :f':->er; uerminal to decrypt said cipher message 
..'■.!..: said cipher Icey and obtain said session key 
/.■.LnouL said wiretapper terminal obtaining said 
secrec key of the party a; 

(c) transmitting an information message via said 
network between said parties a and b encrypted using 
said cipher function f and said session key ; and 
20 

(d) decrypting said information message transmitted 

between said parties a and b at said wiretapper 
terminal . 

A The method of claim 3, wherein: 

said session key is determined by a processing... 
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Claim 

. , . said device file name and said set of identification information; 
deriving a first key code from said parameters; 

processing said identification information using said first key code 
to derive a set of 

processed identification information; and 

.sv^rid 1 nq said device file name, said processed identification information, 
•.:n:i said message to the receiving device. 

, The mechod of claim 1, wherein said message is processed using said 
i ::su key code 1 5 prior to being sent to the receiving device. 

3 The method of claim 2, wherein said identification information and said 
message are encrypted using said first key code as an encryption 
key . 

A The method of claim 3, wherein said device file name is sent to the 
receiving device in unencrypted form. 

'■ 'I'rr^ iWr^ihoG of claim... 
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^^ The syseem of claim 39, wherein: 

■he encrypting means is additionally for dividing the key into a partial 
key and a complementary partial key , and for encrypting the 



complementary 

partial key to provide an encrypted partial key ; 

the distributing means is additionally for distributing the encrypted 
parcial key to the users; 

i.he key storing means is for storing the partial key; 

::he coding means is for coding the partial key, using the user 

J dene i f ica tion, to provide a coded partial key; 

['he central communication means transmits the return message 

including the coded partial key; 

the key decoding means is for deriving the key from the coded partial 

key and the encrypted partial key , and includes: 
a partial key decoding means for decoding the coded partial 
key to provide a partial key , 

a means for decrypting the encrypted partial key to provide 
the complementary partial key, and 

a means for combining the partial key and the complementary 
partial key to provide the key. 
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.vilit:ies meters {2 62 in Fig. 7)e 
::Xc3!;ipi.es of controlled functions include: 

: 0 

Load and run the contents of the information segment. 
Decrypt the execution segment using decryption key Go 
Decrypt the execution and meter-monitor segments using 
decryption key Jo 

Commence the video overlay combining designated in the 

meter-monitor segment. 

Modify the execution segment to instruct URS 
microcomputer, 205, to commence overlay designated. . . 
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" I a 1 ni 

. . . accordance with video 
scrambling codes; 

providing video descrambling codes for descrambling said 
scrambled video information; 

encrypting said video descrambling codes in accordance 

'th a first encryption key; 

wi 

providing a session key for decrypting said encrypted video 
descrambling codes; 

encrypting said session key in accordance with a second 

encryption key ; 
including said encrypted video descrambling codes and said 

encrypted session key in said television- during said second period 

during 

which no video information is present; and 
providing a subscriber code and a fixed key at the 

receiver which receives said television signal, said subscriber code and 
said fixed key being used to derive a distribution key, said distribution 

key being used to decrypt said encrypted session keyv said 
decrypted 

session key being used to decrypt said encrypted video descramble 
codes,, said decrypted video descramble codes being used to descramble 
said scrambled video in forma c ion . 

'The [nechod of claim 29 wherein said step of providing a 
y^^ssion- key includes the step of deriving said session key from said 
:ii:sl encryption key * 

31a The method of claim 29 wherein said session key is 
changed periodically. 

32e The method of claim 29 wherein the step of providing a... 

...a plurality of validation codes, each of said plu 

rality of validation codes being unique for each of said receivers which 
receives said television signal; 

encrypting said session -key in accordance -with a second 
encryption key; 

transmitting said encrypted video descrambling codes, said 

AE 

r-^ncrypced session key and said plurality of ... plurality of 

validation codes, said comparator providing a logic signal indication 

when a match is found, said logic signal enabling logic means to 

penriie said decrypted session key to decrypt said encrypted video 

descramble codes, said decrypted video descramble codes being used to 

descramble said scrambled video information, 

34o The method of claim 33 wherein said step of providing a 

session key for decrypting said encrypted video descrambling codes 

includes the step of deriving said session key from said first 
encryption key . 

35o The method of claim 33 wherein the step of providing a 

i s r ribu t ion key at said receiver includes the step of deriving said 
■ : : s r ! bu t ion key from said encryption key . 
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...SPECIFICATION preferably known only to the device and the verification 
party, but if generally known are not sufficient to determine the key, 
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the stored parameters, or the key are never transmitted in a message. 
What is transmitted is a message parts of which are encrypted with a 
key that is derived from the stored parameters and the shared secret 
information that is input by the user. 
Another aspect of the present invention relates to a computer program 
which, when run on a computer system, causes... 



14/3, K/3 (Item 3 from file: 348) 

DIALOG (R) File 348: EUROPEAN PATENTS 

(c) 2004 European Patent Office. All rts. reserv. 

01409274 

Method and device for performing secure transactions 

Verfahren und Vorrichtung zur Ausfuhrung von gesicherten Transaktionen 
Precede et dispositif de realisation de transactions securisees 

\ AT^NT ASSIGNEE : 

■'v'^ ifom Corp., (211S052), 5520 Explorer Drive, 4th Floor, Mississauga, 
•i-'iriv) L4W 5L1, (CA), (Applicant designated States: all) 

: .t^rks, Timothy, 21 Saturn Street, San Francisco, California 95112, (US) 

: i:::.AL. representative: 

Coyle, Philip Aidan et al (72291), F. R. KELLY & CO. 27 Clyde Road 
Balisbridge, Dublin 4, (IE) 
PATENT (CC, No, Kind, Date): EP 1191743 A2 020327 (Basic) 

EP 1191743 A3 030917 
APPLICATION (CC, No, Date) : EP 2001650107 010920/ 
PRIORITY (CC, No, Date) : US 665763 000920 

DESIGNATED STATES: AT; BE; CH; CY; DE; DK; ES ; FI ; FR; GB; GR; IE; IT; LI; 

LU; MC; NL; PT; SE; TR 
EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI 
INTERNATIONAL PATENT CLASS: H04L-009/32 
. ABSTRACT WORD COUNT: 120 

Figure number on first page: 1 

LANGUAGE ( Publ icat ion , Procedural , Appl icat ion ) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 

CLAIMS A (English) 200213 460 

SPEC A (English) 200213 5310 

Total word count - document A 5770 

TotaJ word count - document B 0 

r':ta] word count - documents A + B 5770 



XATION trusted provider of certificate status information. 

:er, cercificate status queries and responses can be sent over the 



secure connection, each iKinq synunet rically authenticated^rith the 
shared secret key negotiated in the handshake phase of establishing 
the secure connection. In protocols such as SSL, these symmetrically 
auuhent icated messages may be transmitted over several connections, 
each deriving its keys from a single shared secret established in an 
iMi^iai. handshake. This use of a secure connection instead of 
: i : V ! flua 1 ! y authenticated messages gains a performance advantage... 
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...SPECIFICATION PFX can be independently protected from exposure during 
transmission by one of two privacy modes: 

1. Public-key privacy mode, in which the data is encrypted with the 
public key of the receiver and the data can be decrypted at the 
receiver with the corresponding private key; and 

2. Password-based privacy mode, in which the data is encrypted with 
-J shared secret key (symmetric key) derived from an input password 
and Che data can be decrypted with the same key at the receiver. 
Alternatively, the data may be left unprotected, i.e. no encryption. 

The PFX is itself protected from data tampering by one of... 



.the receiver; and 

2. Password-based integrity mode, in which a message authentication 



'•crio is produced by dige^ring the entire PFX with the HMAc^SHAl message 
'iiqcst algorithm. The HMAC key is derived from an input password. At 
uhe receiver, the digest is re-generated using the same input password 
and compared against the attached digest. If the... 
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...SPECIFICATION The terra symmetric reflects the fact that both users must 
;■. :V-- icienuical keys. 

Technical terms, a symmetric cryptosystem comprises an 
■, : ' ! >r: I. u ri c c .lon , a decryption function, and a shared secret key 
. key is a unique string of data bits to which the functions are 

:ppl:ed. Two examples of the encipherment /decipherment functions are the 
Ndcional Bureau of Standards Dating Encryption Standard (DES) and the 
more recent Fast Encipherment Algorithm (FEAL) . To transmit a message in 
privacy, the sender computes "cipher text , " which is a function of the 
encryption function along with the shared secret key and the 
message to be transmitted. Upon receipt of the cipher text, the 
recipient computes a transmitted message, which is a function of the 
decryption function along with the cipher text and the shared secret 
key , to recover the message. An eavesdropper, who copies the cipher 
text, but does not know the shared secret key , will find it 
practically impossible to recover the message. Typically, all details of 
Che enciphering and deciphering functions are well known, and the 
security of the systems depend solely on maintaining the secrecy of the 
shared secret key . Conventional symmetric cryptosys terns are fairly 
efficient and can be used for encryption at fairly high data rates, 
especially if appropriate hardware implementations are used. 
Another . . . 
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■jenerator, forms the shared key as a function of the intermediate 
value and the integer, and encrypts the message using the shared key 

A method for secure communication of a message receives an encrypted 
message which has been encrypted using a shared key formed as a 
function of an intermediate value and a selected integer, the , 
intermediate value being based on a generator of a subgroup of a 
multiplicative group of a... 

. .of the subgroup being a second prime number which is a factor of a 
cyclotomic polynomial evaluated at a first prime number, and decrypts the 
encrypted message using the shared key . 
A method for secure communication of a message selects a first prime 
number, obtains a cyclotomic polynomial evaluated at the first prime 
number, obtains a... 
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..SPECIFICATION inverting, symmetric key cryptosystem may comprise three 
stages. The first stage is an autokeyed encryption on the plaintext. The 
second stage is a self -inverting cipher where the encryption key is 

derived from a portion of the message as encrypted by the first 
stage. The third stage is a second autokeyed decryption that corresponds 
•.o ;:he autokeyed encryption of the first stage. 



,. radio • provider s interconnected for service to both stationary and mobile 
Lelephones and the like; 

FIG. 2 depicts the process for directing the creation of a shared 
secret data field and the verification of same; 

FIG. 3 shows the elements that are concatenated and hashed to create 
the shared secret data ; 

FIG. 4 shows the elements that are concatenated and hashed to create 
the verification sequence; 

FIG, 5 shows the elements that are concatenated and hashed... 
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...SPECIFICATION documents refer to a system, known as System B, which is a 
shared key over-air addressing system where the scrambling process i.e. 
the process that renders the picture and/or sound/data 
unintelligible, is derived from a truly random control word (CWl or CW2 ) . 
The control word and any programme... 

...sent over-air in an Entitlement Checking Message (ECM). The 

Supplementary key(s) together with customer messages or authorisations 
(M) are further encrypted using a shared distribution key (D) and the 
resulting cryptogram D(iyi,S) is sent over -air an Entitlement 
Management Message (EMM) . The shared distribution key is stored 
within the viewer's conditional access sub-system { CASS ) which 
enables this sub-system to derive the Control Word or words, and to 
store any authorisations. The EMM has two data streams of which the 
Unique Customer packets are used to update the CASS in terms of shared 
distribution key , address, etc. and the Shared Customer packets contain 
the actual entitlements or authorisations . 

The above System B proposal is designed to operate at any one time in 
oiie mode, either a subscription mode or a pay-per-view... 
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Pull i:e:-:t Word Count: 




p ! 1 1 Le:-:i: P^vailabili ty : 
:-«M-ii led Description 

' i ; 1 ed Description 
. . . 'jsed to produce the same 

vd.lue output from the algorithm without access to the original 
input, including the secret key. Thus, by using a secret key 
encrypted with a one-way function to, in turn, encrypt plain 
text to be sent in wireless ad-hoc network messages, the 
secret key becomes much less vulnerable to attacks such as the 
Fluhrer attack. 

In accordance . . . 
...security function is enabled the 

encrypted messages include cipher text and an initialization 
veccor (IV). The IV is normally used in WEP to augment the 

shared secret key used by the wireless stations and access 
r-'incs and produce a different key sequence for each packet of 
chus avoiding two cipher texts having the same key 
• r '^arn . 

As noced above, even the use of the IV called for in 

Che 802,11 standard does not make WEP immune to attacks such... 
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Detailed Description 

. , . aspect of the present invention, a method for authenticating and 

exchanging parameters between two parties over an unsecured data channel 



for deriving a shared se^Rt encryption key can proyic^per f ect 

i:orward secrecy using a minimum amount of communications bandwidth. 



That is, the method for authenticating and exchanging parameters for 
deriving a shared encryption key can prevent unauthorized access 
to encrypted messages even if a party later divulges its private key. 
The method can employ an asymmetric encryption algorithm, such as a 
public- key algorithm, that functions as a carrier to transport the 
parameters of a symmetric algorithm such as key exchange parameters of 
x.he Di f f ie-Heliinan protocol. 

' :. . . : .'^'.xjncJ pa rcy is vaJ.id. If the public key certificate is valid, 
■ ■ : .:: ■ far;:'/ can send r.o iihe second party a message comprising an 
encrypted !;on-secret key exchange value and a random number, where 
: •;. ■ value and the random number are encrypted with the public key 

J >:,'jinc Lo the second party... with other exclusive "or" operations from 
c'cner shift registers in a group of shift registers. 

In the method for authenticating and exchanging parameters, a public key 

encryption algorithm can fimction as a carrier to transport the 
parameters of a key exchange protocol. By operating in this manner, the 
method can reduce the number of messages needed to authenticate and 
e.'schange the parameters for deriving a shared secret key compared 
Lo uhe number of messages used in the conventional art. 

L llusu ra tive Operating Enviromnent for the Invention 

Referring now to the drawings, in which like numerals represent like 
elements throughout the... 1145 can ftirther comprise the subscriber 
optical interface's 140 lion-secret key exchange parameter 1140 and the 
nonce 1150. The nonce 1150 can be encrypted with the shared 
encryption key . In response to the third message C, the laser 
transceiver node 120 can take the subscriber optical interface's 140 
non-secret key exchange parameter 1140 and its first secret key parameter 
such as small letter x to derive the shared encryption key . 

The three messages described above ( messages A, B, Q combine public 

k ^ - y 

:, .': ■*^'j:aphy and a key e:-:change protocol to take advantage of the 
:• :.■ : . • s Di' boLh cypes of key distribution. Specifically... 

. . .,i carrier to transport the parameters of a key exchange protocol to 

verify the identity of the subscriber optical interface 140, to establish 
a symmetrical key to use for data encryption , and to provide perfect 
forward secrecy. 

In order to agree on a secret key, the Dif f ie-Hellman key exchange 
protocol is used, as described below... 
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Detailed Description 

. . . above, the authentication method 
negotiated (during IKE negotiation) 
candidates . 



for the exchange has already been 
from four different types of 



- digital signature, 

- authentication with public key encryption (two different), 

- pre- shared key . 

New, the selected authentication method will be applied in this 
authentication exchange, and the result will be three groups of 
authenticated keying material (keymat) . 

- the keymat used by the ISAKW SA to protect the confidentiality of its 
messages , 

- r.he keymat used by the ISAKMP SA to authenticate its messages , 

- lUe keyniat used to derive keys for non-ISAKMP security 

a ssocia i: ions . 

"h i 5 keying material is proven to be authentic, because both the 
': ni i: ia c or and 



14/3, K/12 (Item 4 from file: 349) 

DIALOG (R) File 349:PCT FULLTEXT 

(c) 2004 WIPO/Univentio. All rts. reserv. 

00785490 **Image available** 

INTERNET PROTOCOL MOBILITY ARCHITECTURE FRAMEWORK 
CADRE D 'ARCHITECTURE DE MOBILITE PAR PROTOCOLE INTERNET 

Patent Applicant /Assignee : 

NORTEL NETWORKS LIMITED, World Trade Center of Montreal, 8th floor, 380 

Sc. Ancoine Street West, Montreal, Quebec H2Y 3Y4, CA, CA (Residence), 

CA (Nationality) 
: r\ V e n i: o r ( s ) : 

AKHTAR Haseeb, 3102 Pamela Place, Garland, TX 75044, US, 
QADDOURA Emad A, 1320 Wateredge Drive, Piano, TX 75093, US, 
BECKER Carey B, 1529 Faringdon Drive, Piano, TX 75075, US, 
PATIL Basavaraj B, 7616 Capella Court, Piano, TX 75025, US, 
BARNES March H, 3820 Hidden Trail, Flower Mound, TX 75028, US, 
WURCH Donald L, 3607 Highpoint Drive, Rockwall, TX 75078, US, 
COFFIN Russell C, 5608 Crowndale Drive, Piano, TX 75093-8500, US, 
ZHU Zemin, 3808 Neiman Road, Piano, TX 75025, US, 
TUMMALA Rambabu, 4324 Giovanni, Piano, TX 75024, US, 
'.AI-AVANAN Raja, 1100 Meredith Lane #728, Piano, TX 75093, US, 
' Mohamed, 118 Briaroaks Street, Murphy, TX 75095, US, 

• :i-n 1 605 Meadowgate Drive, Richardson, TX 75081, US, 
='o:.\ and Priority Information (Country, Number, Date): 
ijienc: WO 200119050 A2-A3 20010315 (WO 0119050) 

Application: WO 2000IB1553 20000908 (PCT/WO IB0001553) 

Priority Application: US 99152916 19990908; US 99156669 19990929; US 

99157289 19991001; US 99157449 19991004; US 2000192411 20000327; US 

2000657516 20000907 



.ar.ed Staues: AE AL A^F^T AU AZ BA BB BG BR BY CA CH C^Hu CZ DE DK EE 

r:;'FI G3 GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT 
i/J L.V MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT 
UA UG UZ VN YU ZA ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE 

(OA) BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW MZ SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 85222 
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'\ \:^\]ed Description 

■ L'^esc ripe ion 

. . . . :A presents an 

i-'iteorated APA interface (through a single IP address) to 
che rest of the IP Network 108 and is configured for 
forwarding AAA messages to the appropriate function , 

within the NSF 104 (FIGS. 4A, 4B, 4E, and 4F) responsible 
for a particular function. This allows an operator 

specific internal architecture of an NSF ... function 462 or the mobility 
manager SMM 4 64j, 

performs an AAA function, , that entity generates an AAA 
iiiessaqe and sends it to a "local" AAA function . The 
"local" AA.A function is defined with respect to FIG. 12 
^i.s Lhe AAA function 4 62A, 4 628, or 4 50C located at the 
LSF 106A, 1068. . . 
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pietailed Description 

. . . secret key is commonly referred to as a message integrity code, or 



"MIC," process. The MIC ^^Rcess produces an integrity codUBy 
concatenating the shared secret key with the data and then encoding 
the data and the key using a cryptographic hash function . The result, 
which is the integrity code , is then sent along with the data to a 
recipient who shares the secret key. The recipient similarly concatenates 
iihe shared secret key with the received data and encodes the data and 
• he key using the hash function . If the result matches the received 
: ;r.iy code , the data is considered authentic. The MIC 
; i>:a u ion process works well and is relatively reliable, assuming 

■ nolciers of the shared key are trusted. However, this process 
sLili requires producing a hash based on all of the data bytes in the 
daca packet, and is thus still... 

.data authentication system that at the sender produces for a plurality 
of data packets a plurality of "integrity checks" that it then encrypts 
with a shared secret key and sends as an "integrity block." A 
recipient decrypts the integrity block using the shared secret key 
and reproduces the integrity checks. It then uses the integrity checks to 
authenticate the associated data packets. As discussed below, the 
authentication system uses a... 
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Detailed Description 

. . . asymmetric techniques are available, as well as access-control 
technology . 

Furthermore, in communication it is assumed that each message that needs 
to be secured is encrypted by a key . The key is either shared by 
the sender and the receiver or derived from a key exchange protocol (for 
^'^.xanic l.e , the Di f f ie- Hel Ima n key exchange where one or both parties 
I .tii'ize a public key and the parties can derive a shared key ) . 

:f't\Qr, messages that need to be signed for authenticity and proof of 
oriqin, are signed by the sender. Shared cryptographic information 
may be used for binding and connecting messages, logging and monitoring 
of messages. 



:v:'hir! a context of mess^^^- exchange (a transaction), meslBges may be 

' i 1 ... 
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. * led Description 

. . . :"nly accessible to the internal function blocks and the Security 
K^MEKrl. Included in these Laser Variable bits are. 

* 1 12-bit Local Storage Variable (Master Key - Encryption - Key ) 

0 80-bit Randomizer Seed 

^' 48-bits Program Control Data (Enables/Disables various IC features and 

configures 

the IC) 

16-bit CRC of the Laser Data 
The Program Control Data (PCD) bits include configuration for permitted 
Key 

Lenquhs, Algorithm Enables, Red KEK loading, Internal IC Pulse Shaping 
rharacuerristics, etc. Some of the PCD settings may be overridden with a 
Dicjically Signed Token... 

...C when it boots. These Tokens are created by IRE and each is targeted to 
a specific CryptIC using a Hash of its unique identity { derived from 
the above Laser Variable) . 

Downloadable Secure Code 

The Crypt [C is designed to allow additional Security Functions to be 
added to the device through a Secure Download feature. Up to 16k words... 



.be given the security privileges of the Kernel firmware. All downloaded 
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...SPECIFICATION B sends the MAC generated in the preceding step of (10), 
to A (message (square) in Fig. 4). 

(12) A performs a calculation of the message authentication code 
generating function with the common key k ( underscore ))) AB and the 
messages (square), (square), and (square). The result should be equal to 
the MAC having been sent in the preceding step of (11). When they are 

n P 1 



... k (underscore) AB proves iSK: the other party knows the rar^^i number A 
and the random number B. 

3) Since the random number A was encrypted with the public key B 
and then transmitted, only B knows this except for itself (A) . 

4) It is, therefore, proved that the other party in communication is B 



.correspondent proved to be B also knows the messages (square), (square), 
-^irid (square) . Therefore, the messages exchanged heretofore are definitely 
• hose from B and the messages having been transmitted must also 
correccly be delivered to B. 

(13) A confirms from the preceding step (12) that the correspondent is 
B and the messages heretofore were correctly transmitted and 
received to and from B. 

(14) A performs a calculation of the message authentication code 
generating function with the common key k ( underscore ) AB and the 
messages (square), (square), (square), and (square) to generate a MAC. 
MAC is a code (numerical number) authenticating that the messages were 
correctly transmitted and received. 

(15... 
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...SPECIFICATION out-of-date keys), need not to inform other users where to 
download software from and how to use the software to create and store 
keys 

tioiineci in the dependent claim 2, the communication of the 
- - .^'^ message takes place via a server. In this way, the sending 
.i'-nv only needs to have access to the public key of the secure server, 
mis simplifies checking whether the key is still valid. Moreover, the 
sending client is relieved from having to manage the email in the 
situation that the receiving client has not yet obtained a key pair. 
Preferably, the sending client always uses the services of the secure 



1 m 



delivery of s^W:'ed content. Alternatively, th^^iending 

. : - ' ' :r.-iy send uhe email directly to the receiving client 
encrypted with the public key of the receiving client if this key is 
jVnu.able in the key server. If the client sends directly, the .secure 
server is used if no. . . 
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...SPECIFICATION keys Kl)), K2 ) ) ... Kn) ) of the enciphering library 15. 
The identification module 27 is designed to perform the identification 
according to one of the identification keys K'i)), as a function of 
: :nsi. rucL ions given by the message identification device 4. Moreover, 

".: ir.r. rer comprises: 

- ident i f icacion control unit 21, capable of triggering the 

. ;-i*-nc i f ica t ion module 27 by communicating the necessary information 

ihere to . . . 

...unit 23 for extracting from the message MSG the key identifier KeylD, 
giving the current identification key K'i)) chosen in correspondence with 
the current enciphering key K'i)) of the sender 2. 

The succinct account given above is essentially functional, and it is 
exclusively centred around specific features in conjunction with a 
particular assembly for securing and identifying messages . The sender 
1 can in reality comprise several securing devices such as that 
referenced 15, possibly in combination. For example, the securing of the 
messages combines encryption... 
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...SPECIFICATION a predetermined safe protocol such as SSL (Secure Sockets 

Layer) . In SSL, the server and the client exchange a security policy and 

set a selected encryption key . At this time the server and the client 

exchange a random number. Then the server sends an electronic certificate 
to the client, which the client... 

. . . che server. Then three random numbers, including the two random numbers 
t^xchanqed firsc between both ends of the communication, are compressed 
isincj such a hash function as MD5, and a common key for encrypting 
a message and a message authentication code for preventing alteration 
are generated. Hereafter, conununicat ion is performed while data is 
encrypted by a common key method. The hash function is an operation 
method to generate a pseudo-random number based on input data, and input 
data cannot be reproduced from. . . 

...Secure Hypertext Transfer Protocol) is known as a similar protocol. 

According to a conventional security method, it is possible to increase 
the security of a message exchange between a server and a client and 
to prevent a third party from intercepting and reading a message to a 
degree. But the security of... 
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..SPECIFICATION or each first key being loaded into the network 
termination unit for later use with the first algorithm in authenticating 
a line. Advantageously, the first key may be a function of the 
identification code encrypted by the second key using the security 
algorithm . 

In a preferred embodiment, the transaction number is a variable number 
which is changed after each authentication attempt. 
Tr.e security node... 

. . ' ' ■ '^r: ien 1 1 y , the security node may prevent access to the network for 
• x'^eLwork termination unit in the event that no match between the 
^'K'fAj'rced and received authentication codes is made within a 
predetermined duration. 

Preferably, the network termination unit transmits a negative 
acknowledgement to the security node in the event that no challenge... 
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... FIG. 4, the HLR/AUC I 00 responds with message 230 containing a random 
number (RAND) 41 0, a signed response (SRES) 450, and an encryption 
key (Kc) 400. The gateway 60 takes the Kc 400 and uses it to compute an 
: :t:.---a r j c y key (K) based on uhe formula K = f ( { Kc . . . 

... :;:iveway^60 would then store the SID, IMSI, RAND 440, SRES 450 and K in a 
single 'record in the ga.teway=s 60 memory. Thereafter, message 
1 4 

is sent from the gateway 60 to the mobile station 20 and contains RAND 
4 40 and Ml. Ml is computed based upon a message authentication code 
(MAC) function using integrity key (K) And RAND 440. The formula used 
is represented as Ml = MAC (K, {RAND}). The purpose of a MAC is to 
facilitate, without the use. . . 
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* . . ' Jescr ipL ion 

K2 ... Kn of the enciphering library 15. The identification module 27 
is designed to perform the identification according 1 5 to one of the 
identification keys Ki, as a function of instructions given by the 
message identification device 4. Moreover, the latter comprises, 
an identification control unit 21, capable of triggering the 
identification module 27 by communicating the necessary information 
thereto . . . 



...a unit 23 for extracting from the message MSG the key 

identifier KeylD, giving the current identification key Ki chosen in 
"or respondence with the current enciphering key Ki of the sender 2. 

The succinct account given above is essentially functional, and 

i.t is exclusively centred around specific features in conjunction with a 

particular assembly for securely protecting and identifying messages . 

The 

sender 1 can in reality comprise several security devices such as that 
referenced 15, possibly in combination. For example, the secure 
protecting of the messages combines... 
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. . . PA on at least the first value Pu and the second encryption E2 is the 
encryption of the second value Si, under the first public key Pu, the 
received second encryption E2 and ...ownership of the receipt Lu, that 
has been issued by the second party A, is verified. 



The second validation pa^H B, indicated with box 4, rec^^es a proof 
message PM from the user U, indicated with box 1. The proof message PM 
is derived from the first public key Pu that bases on the secret 
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... receiver computes the subset key Li,j by evaluating the function G at 

nuisL N Limes ac block 68. Then, the receiver uses the subset key to 

decrypt the session key K ac block 70 for subsequent message 
:iec rypt ion . 

Figure 13 shows how labels and, hence, subset keys, are assigned to 
receivers in the subset difference... 



.off the direct path and that are induced by some node vi, an ancestor of 
u. These labels establish the private information lu of the receiver at 
block 74, with subsequent message session keys being encrypted with 
subset keys derived from the labels at block 76. 

Referring briefly to Figure 14, the above principle is illustrated. 



every vi ancestor with label S of a... 
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Detailed Description 

... receiver computes the subset key Li,j by evaluating the function G at 
most N times at block 

68. Then, the receiver uses the subset key to decrypt the session 
key K 

a r block 70 for subsequent message decryption. 

r'iqure 13 shows how labels and, hence, subset keys, are assigned to 
receivers in the subset difference... 



.off the direct path and that are induced by some node vi, an ancestor of 
u. These labels establish the private information I. of the receiver at 
block 14 f with subsequent message session keys being encrypted with 
subset keys derived from the labels at block 76. 

Referring briefly to Figure 14, the above principle 
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.. . ::) possession of che decryption key (private key) can decrypt the 
":'--^ScKjo . Thus, the owner of a public key requests all parties that wish 
• 'S' send the owner an encrypted- message , to encrypt the message 
ising che public key of the owner. All messages thus encrypted can only 
be decrypted by the owner, using the owner's corresponding private key. 

The public key technique... 

...the other party's public key value to privately and securely compute a 
private key, using an agreed-upon algorithm. 

The parties then use their derived private keys in a separate 
encryption algorithm to encrypt messages passed over the data 
communication channel. Conventionally, these private' key's are valid only 
on a per communication session basis, and thus, are referred to as 
session keys. These session keys... 
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Decailed Description 

. . . in possession of the decryption key {private key) can decrypt the 
message. Thus, the owner of a public key requests all parties that wish 
to send the owner an encrypted message , to encrypt the message 
using the public key of the owner. All messages thus encrypted can only 
be decrypted by the owner, using the owner's corresponding private key. 

The public key technique... 

...;.he oLher party's public key value to privately and securely compute a 
pr. ivace key, using an agreed-upon algorithm. 

The parties then use their derived private keys in a separate 
encryption algorithm to encrypt messages passed over the data 
communication channel. Conventionally, these private keys are valid only 
on a per communication session basis, and thus, are referred to as 
session keys. These session keys... 
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:'.::bi.!.e station 20 and used to identify this particular session. The 
:jdLeway 60 in turn stores the SID and IMSI in its local memory and 
transmits the IMSI in message 220 to the HLRJAUC I 00 contained within 
home network operator service 80. The gateway 60 is able to i dentify 
which HLR /AUG 100 . . . 

.to FIG. 4, the HLRJAUC 100 responds with message 230 containing a random 
number {[U\ND} 41 0, as igned response {SRES) 450, and an encryption 
key {Kc) 400. The gateway 60 takes the Kc 400 and uses it to compute an 
inuegrity key (K) based OD the formula K = f (jKcj... 

.gateway 60 would then store the SID, IMSI, RAND 440, SIZES 450 and K in 
a single record in the gateway--s 60 memory. Thereafter, message 240 is 
sent from the gateway 60 to the mobile station 20 and contains RAND 440 
and M 1. M I is computed based upon a message authentication code 
(MAC) function using integrity key (K) And RAND 440. The formula used 
is represented as M" I MAC {K, JRANDI). The purpose of a MAC is to 
facilitate, without the... 
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C J. a i m 

. . . 35, wherein the 

first keys are encrypted according to a Triple-DES 
a] gorichm . 

. A me c hod as recited in claim 35, wherein the 
second keys are encrypted according to a public- key 
rypuographic technique. 

39 A method as recited in claim 38, wherein the 
public-key cryptographic technique implements an RSA 
algorithm . 

40 A method as recited. . . 

. . .35, wherein the 

application of the message authentication code comprises the 
steps of 

concatenating the first key and the second key; 
and, 

hashing the concatenated keys in accordance with a 



hashing function to pr^Wace said message authent icatil 
code . 

41 A method as recited in claim 40, wherein the 

hashing function comprises a Message Digest 5 function. 

A method as recited in claim 35, wherein step 
:.) iurtiher comprises the steps of: 
' \ ] hasrxinq a message that is comp rised of the 
ST'; -one key ; 

(li) encrypting the hash message with a public- key 
encryption algorithm using a private key associated with the 
Sl-^, wherein the private key has a corresponding public key 
that is provided to the STU; and, 

(iii) transmitting the encrypted hashed message to 
the authorized customer. 

43 In a digital transmission system wherein 

qroups of program bearing packets are transmitted over a 

..ii'jlLal necwork between a service... 
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■ 'iiL'tuing Che expected authentication code with the received 
J..* ii^^n;. i ca t ion code; and 

.ifjcying unrestricted access to the network for the terminal unless the 
expected and received authentication codes match. 

The terminal may be part of an NTE with. which the security node 
communicates to establish authentication or not. Alternatively, the 
terminal may be... 

...key, the or each first key being loaded into the terminal for later use 
with the first algorithm in authenticating a terminal. Advantageously, 
the first key is a function of the terminal identification code 
encrypted by the second key using the security algorithm. 

In a preferred embodiment, the transaction number is a variable number 
which is changed after each authentication attempt. 

The security node. . . 

...of the network. 

Conveniently, the security node prevents access to the network for the 
terminal in the event that no match between the expected and received 
authentication codes is made within a predetermined duration. 

Pfpferably, the terminal transmits a negative acknowledgement to the 
; ■■ -■iriry node in the event that no challenge, or an. . . 

. . . an expected authentication code (E) at the security node based 
on che transaction number, the first algorithm and the first key; 
comparing the expected authentication code with the received 
authentication code ; and 

denying unrestricted access to the network for the terminal unless the 
expected and received authentication codes match. 

2 A method as claimed in claim 1, in which the security node calculates 
at least one first key (Si) for the terminal, the... 

...use with the first algorithm (F) in authenticating a terminal. 

3 A method as claimed in claim 1 or claim 2, in which the first key is 

a 

function of the terminal identification code (TN) encrypted by the 
second key (K) using the security algorithm (fi). 

4 A method as claimed in any one of claims 1 to 3, in which the 
transaction number {n...also stored in the security node, and the first 
key, and to deny unrestricted access to the network for that terminal 
unless the expected and received authentication codes match. 1 5. A 
system as claimed in claim 14, in which the security node (10) includes 
iiieans operable' to calculate the first key (Sj... 

, . .• • •■ . : tnr lacer use in the authentication of that terminal. 

A .-Dyscein as claimed in claim 14 or claim 15, in which the first key 
' c"j function of the terminal identification code (TN) encrypted by 
Lhe second key (K) using the security algorithm (fi). 

17 A system as claimed in any one of claims 14 to 16, in which the 
transaction number (n... 
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De r. a i .1. eci Description 

... ^7 59 - 2773,, and E - 17, the 

• ; i,>heri:exL C = 92017 (Modulo 2773) - 948. Using p = 47 and 
; ' ^-3, a value D ^ 157 can be derived as the private key by 
A'^.■■h LhG original message can be calculated as 948157 
M.^ciulo 2773} = 920, which is decoded as the word "IT". 

Modular arithmetic plays a large part in public 

key encryption systems because it uses smooth and continuous 
functions to obtain discontinuous values which jump around 
in a haphazard way. While the encryption method may be... 

...code breaker's work 

increases much more rapidly with increasing length N of the 
numbers used than does the work of an authorized sender or 

receiver . For example, if the code breaking work is 
proportional to NN whereas the encrypting/decrypting work is 
proportional to N3 I then doubling N from 10 to 20 makes an... 
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Secure group communication with hierarchical access control refers to a 
scenario where a group of members is divided into a number of subgroups 
located at different privilege levels and a high-level subgroup can 
receive and decrypt messages within any of its descendant lower-level 
subgroups; but the converse is not allowed. In this paper, we propose a new 
scheme CRTHACS, which is based on the Chinese Remainder Theorem. The scheme 
not only enables secure hierarchical control but also provides the 
following properties: hiding of hierarchy and receivers , authentication 
of boch senders and messages , and a mechanism for the receiver to 



i directly derive the key^^f a message . 

English Descriptors: Authentication; Hierarchized structure; China; Access 

control; Cryptography 
Qroad Descriptors: Asia; Asie; Asia 

French Descriptors: Au then t i fica t ion ; Structure hierarchisee; Chine; 
V.m: role acces; Cryptographie ; Communication groupe securisee 
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Journal: Lecture notes in computer science, 1999, 1716 363-377 

ISBN: 3-540-66666-4 ISSN: 0302-9743 Availability: INIST-16343; 
354000080104160290 

No. of Ref s . : 1 p. 1/4 

Document Type: P (Serial); C (Conference Proceedings) ; A (Analytic) 
Country of Publication: Germany 
Language: English 

A periodical multi-secret threshold cryptosystem enables a sender to 
encrypt a message by using a cyclical sequence of keys which are shared 
r.y n parties and periodically updated. The same keys appear in the same 
ocder in each cycle, and thus any subset ' of t + 1 parties can decrypt the 
message only in the periodical time-frames, while no subset of t corrupted 
parties can control the system (in particular, none can learn the 
decryption key) . This scheme can be applied to a timed-release 

cryptosystem whose release time is determined when the number of share 
update phases equals the period of the sequence. The system is implemented 
by sharing a pseudo-random sequence generator function. It realizes n >= 3t 
+1 robustness, and is therefore secure against an adversary who can corrupt 
at most one third of the parties. 

English Descriptors: Cryptography; Message transmission ; Decryption ; 
Control system; Implementation; Pseudorandom sequence; Function 
:er:erar.ion; Encryption ; Multisecret; Private key 

Descriptors: Cryptographie; Transmission message ; Decryptage ; 

.Sysi.eme commande; Implementation; Suite pseudoaleatoire ; Generation 
ionccion; Cryptage; Multisecret; Cle privee 
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Almost $k$-wise independent sample spaces and their cryptologic 




Cryptography and coding (Cirencester, 1999) 

Kurosawa, Kaoru (Department of Communications and Integrated Systems, 

Tokyo Institute of Technology, Meguro, Tokyo, 152-8552, Japan) 
■'ohansson, Thomas (Department of Information Technology, Lund University, 

A20 07 Lund, Sweden) 
Suinson, Douglas R. (Department of Combinatorics and Optimization, 

University of Waterloo, Waterloo, Ontario, N2L 3G1, Canada) 
Liu, Xian (Manchester School of Engineering, University of Manchester, 

Manchester, M13 9PL, England) 
Farrell, Patrick (Communications Research Centre, University of 

Lancaster, Lancaster, LAI 4YR, England) 
Boyd, Colin (School of Data Communications, Queensland University of 

Technology, Brisbane, QLD 4001, Australia) 
(Farrell, Patrick G. ) 

Corporate Source Codes: J-TOKYTE-IN; S-LUND-IFT; 3-WTRL-B; 4-MANC-SE; 
4-LANC-CR;- 5-QUT-SDC 
^Typtology 

' .:! :ial of Cryptoiogy. The Journal of the International Association for 
: Vf : :.ioqic Research, 2001, 14, no. 4, 231--253. ISSN: 0933-2790 

• ::' jocreq 

.-springer, Berlin,; 84--93,, 

Series: Lecture Notes in Comput . Sci . , 1746, 

Language: English Summary Language: English 

Document Type: Journal 

Journal Announcement: 200203 

Subfile: MR (Mathematical Reviews) AMS; MR (Mathematical Reviews) AMS 
Abstract Length: LONG (30 lines) 

Summary: ' 'An almost $k$-wise independent sample space is a small subset 
of $m$-bit sequences in which any $k$ bits are 'almost independent'. We 
show that this idea has close relationships with useful cryptological 
nocions such as multiple authentication codes (multiple A-codes) , almost 
scrongly universal hash families, almost $ k$-resilient functions, almost 
correlation-immune functions, indistinguishable random variables and 
$k$-wise decorrelat ion bias of block ciphers . 

^We use almost $k$-wise independent sample spaces to construct new 
efficient multiple A- codes such that the number of key bits grows 
linearly as a function of $k$ (where $k$ is the number of messages to be 
authenticated with a single key) . This improves on the construction of M. 

Atici and D. R. Stinson [in Advances in cryptoiogy CRYPTO '96 (Santa 

Barbara, CA) , 15--30, Lecture Notes in Comput. Sci,, 1109, Springer, 
Berlin, 1996; MR 98g: 94021], in which the number of key bits is 
$\Omega (k\sp 2) $. 

^We introduce the concepts of $ \epsilon$-almost $ k$-resilient functions 
.:' : -ti-osr. correlation-immune funccions, and give a construction for almost 

- -; Lunccions thac has parameters superior to $k$-resilient 

■ ■ • Wr^ also point out che connection between almost $k$-wise 

f --.dun c sample spaces and pseudorandom functions that can be 
ir.guished from truly random functions, by a dist inguisher limited to 
$kS oracle queries, with only a small probability. Vaudenay has shown that 
such functions can be used to construct block ciphers with a small 
decorrelation bias. 

^ 'Finally, new bounds (necessary conditions) are derived for almost 
$k$-wise independent sample spaces, multiple A-codes and balanced 
$\epsilon$-almost $ k$-resilien t functions. ' ' 

Reviewer: Summary Reviewer: Sgarro, Andrea (I-TRST) 
Review Type: Signed review 

Proceedings Reference: 2002d#94047; 1 861 825 

descriptors: 94A60 -Information and communication, circuits- 
r :>mraunica t ion, information-Cryptography (See also 11T71, 14G50, 68P25); * 
94A00 -Information and communication, circuits-Communication, information- 
Cryptography (See also 11T71, 14G50, 68P25) ; 94A62 -Information and 
communication, circuits-Communication, information-Authentication and 
secret sharing; 68P30 -Computer science (For papers involving machine 
computations and programs in a specific mathematical area, see Section --04 
in that area) -Theory of data-Coding and information theory (compaction, 
compression, models of communication, encoding schemes, etc.) (See also 
94Axx); 94A40 -Information and communication, circuits-Communication, 



information-Channel models^^ 94B40 -Information and commun^ration , 

circuits-Theory of error-correcting codes and error-detecting codes- 
Arithmetic codes (See also 11T71, 14G50) 
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Designs, Codes and Cryptography. An International Journal, 1992, 2, 
no. 2, 175--187. ISSN: 0925-1022 
Language: English 
Document Type: Journal 
Journal Announcement: 9214 
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Authentication coding involves a transmitter, a receiver and an opponent. 
The transmitter wants to communicate some source state $s$ to the receiver, 
using a public communications channel. The source state is encrypted into 
a message which is sent through the channel. A key $e$ defines the 
message $e(s)$ to be sent to cormnunicate any $s$. Each key is a 
one-to-one function from the source space to the message space. A key 
source provides the transmitter with a key which, prior to any message 
being sent , is communicated to the receiver through a secure channel. 
In this paper, two combinatorial characterizations of authentication codes 
are given: authentication codes without secrecy (i.e., codes for which the 
message uniquely determines the source state, irrespective of the key being 
used) are characterized in terms of orthogonal arrays, and general 
auchent ication codes in terms of balanced incomplete block designs. In both 
cases, the keys must be equiprobable ; in the second case, the source states 
r.rjs-: also be equiprobable. 

Is*:-- V i r^we r : Lobstein, An toine (Paris) 
\ w Type : S i g ned re v i ew 
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Proof checking the RSA public key encryption algorithm. 

noyer, Robert S. {Department of Computer Science, University of Texas, 
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The American Mathematical Monthly, 1984, 91, no. 3, 181 — 189. 
ISSN: 0002-9890 CODEN: AMMYAE 
Language: English 
Document Type: Journal 
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:• roin iihe introduction: ''Typical proofs in journal articles, textbooks, 
.^nri day-co-day mathematical communication use informal notation and leave 



many of the steps to the rlRer's imagination. Nevertheless^RSy 

cranscribing the sentences of the proof into a formal notation, it is 
sometimes possible to use today's automatic theorem-provers to fill in the 
gaps between published steps and thus mechanically check some published, 
informal proofs. In this paper we illustrate this idea by mechanically 
'h^jr.-'.ing the recently published proof of the invert ibility of the public 
r.^'V encryption algorithm described by R. L. Rivest, A, Shamir and L. 
Afiif-man [Comm. ACM 21 (1978), 120--126; Zbl 368:94005]. We briefly explain 
5'..he idea of public key encryption to motivate the theorem proved. In the 
paper just cited a mathematical function, here called CRYPT, is defined. 
${\rm CRYPT} (M, e, n)$ is the encryption of message $M$ with key $ (e, 
n)$. The function has the following important properties: 1. It is easy 
to compute ${\rm CRYPT} (M, e, n)$. 2. CRYPT is ^ invertible ' , i.e., if $M$ 
is encrypted with key $(e, n)$ and then decrypted with key $ (d, n)$, 
the result is $M$ . That is, ${\rm CRYPT} {{\rm CRYPT) (M, e, n) , d, n)=M$, 
under suitable conditions on $M, n, e,$ and $d$ . 3. Publicly revealing 
CRYPT and $(e, n)$ does not reveal an easy way to compute $ (d, n)$. Public 
key encryption thus avoids the problem of distributing keys via secure 
means. Each user (e.g., a computer on a network) generates an encryption 
-.'^y rifirj a corresponding decryption key, publicizes the encryption key 

•r.Hble others co send private messages , and never distributes the 
decryption key . 
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Title: Multiple key distribution maintaining user anonymity via broadcast 
channels 

Author: Blundo, C; Mattos, Luiz A. Frota; Stinson, D.R. 
Corporate Source: Universita di Salerno, Baronissi, Italy 
.' iournal of Computer Security v 3 n 4 1994-1995. p 309-322 

. .: . : '^ri Year: 1994-1995 

"024 68 ISSN: 0926-227X 
• . j'irj.je : Engl ish 

[joejumenu Type: JA; (Journal Article) Treatment: G; {General Review); T; 
(Theoretical) 

Journal Announcement: 9701W1 

Abstract: In this paper, we discuss methods by which a trusted authority 
can broadcast a message over a network, so that each member of a 
specified privileged subset of users can decrypt this message to 
compute a secret key . In contrast with previously constructed schemes, 
it is possible for the different privileged users to recover different keys 
r rom the broadcast message . Moreover, this is done in such a way that 
no coalition is able to recover any information on any of the keys they are 
r.cr supposed to know. The schemes also do not require addressing, so user 
^jnonymity is maintained. The problem is studied using the tools of 
incormacion theory, so the security provided is unconditional (i.e., not 
based on any computational assumption) . Some useful schemes are presented 
and compared to previously known schemes. (Author abstract) 12 Refs. 

Descriptors: ^Security of data; Cryptography; Data communication systems; 
Information theory; Information retrieval; Data transfer 

Identifiers: Multiple key distribution; User anonymity; Broadcast 
channels 
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Title: Some new results on key distribution patterns and broadcast 

encryption 
Author(s): Stinson, D.R.; Van Trung, T. 

Author Affiliation: Dept. of Comput . ' Sci . & Eng., Nebraska Univ., 
Lincoln, NE, USA 

Journal: Designs, Codes and Cryptography vol.14, no . 3 p. 261-79 
Publisher: Kluwer Academic Publishers, 

Publication Date: Sept. 1998 Country of Publication: Netherlands 
ISSN: 0925-1022 

SICI: 0925-1022 (199809) 14 :3L.261:SRDP;1-G 
Material Identity Number: 0660-98006 

U.S. Copyright Clearance Center Code: 0925-1022/98/$9 . 50 
Language: English Document Type: Journal Paper (JP) 
Treatment: Theoretical (T) 

Abstract: This paper concerns methods by which a trusted authority can 
distribute keys and/or broadcast a message over a network, so that 
i^pich member of a privileged subset of users can compute a specified key 
decrypt che broadcast message . Moreover, this is done in such a 
: . • r,-M no coalition is able to recover any information on a key or 
broadcast message they are not supposed to know. The problems are 

>M j-Ji'^d using the tools of information theory, so the security provided is 
■ji^.condi tional (i.e., not based on any computational assumption). Stinson 



{1997) described a methl^Pof constructing key predistrib^^Pon schemes by 
,/ -ornbininq Mi tchel 1 - Piper key distribution patterns with resilient 
' i:.-' \ni.s, and also presented a construction method for broadcast 
encryption schemes than combines Fiat-Naor key predistribut ion schemes 
. . ' :. ..i^ta] secrec sharing schemes. We further pursue these two themes, 
y: y , iiuq several applications of these techniques by using combinatorial 
*j re}s such as orthogonal arrays, perpendicular arrays, Steiner systems 
or.d ^.niversal hash families. {15 Refs) 
Subfile: B C 
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Publisher: Kluwer Academic Publishers, 

Publication Date: Nov. 1997 Country of Publication: Netherlands 
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Language: English Document Type: Journal Paper (JP) 
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Abstract: This paper provides an exposition of methods by which a trusted 
authority can distribute keys and/or broadcast a message over a 
network, so that each member of a privileged subset of users can compute 

a specified key or decrypt the broadcast message . Moreover, this 
is done in such a way that no coalition is able to recover any information 
on a key or broadcast message they are not supposed to know. The 

pr;oblems are studied using the tools of information theory, so the security 
i:^rovided is unconditional (i.e., not based on any computational 
assumption) . We begin by surveying some useful schemes for key distribution 
that have been presented in the literature, giving background and examples. 
In particular, we look more closely at the attractive concept of key 
distribution patterns, and present a new method for making these schemes 
more efficient through the use of resilient functions. Then we present a 
general approach to the construction of broadcast schemes that combines key 
predistribution schemes with secret sharing schemes. We discuss the 
Fiat-Naor broadcast scheme, as well as other, new schemes that can be 

"onsrructed using this approach. {AO Refs) 
/■.L'!- ; le: B C 
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Conference Sponsor: Int. Assoc. Cryptologic Res 

Conference Date: 8-11 April 1991 Conference Location: Brighton, UK 
Language: English Document Type: Conference Paper (PA) 
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Abstract: An identity-based non-interactive public key distribution 
system is presented that is based on a novel trapdoor one-way function 
allowing a trusted authority to compute the discrete logarithm of a given 
number modulo a publicly known composite number m while this is infeasible 
\nr an adversary noc knowing the factorization of m. Without interaction 
wLvr. a key distribution center or with the recipient of a given message a 
ijser can generate a mutual secure cipher key based solely on the 
recipient's identity and his own secret key and send the message , 
encrypted with the generated cipher key using a conventional 

cipher , over an insecure channel to the recipient. Unlike in previously 
proposed identity-based systems, no public keys, certificates for public 
keys or other information need to be exchanged and thus the system is 
suitable for many applications such as electronic mail that do not allow 
for interaction. {28 Refs) 
Subfile: B C 
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Abstract: Describes an efficient practicable solution for the production 
of two prime numbers (P,Q) needed for the generation of the public key (E) . 
From P and Q the Euler function can be calculated and with a suitable 
algorithm the private key (D) can be discerned . Encryption involves 
' : message being raised to the power of E mod N (N=P.Q) and decryption 

■ ■■- ■'•'s raisinq the transmitted message to the power of D mod N. Both 
: : L .'Csses require che mechods established. Work is continuing on this 
. Lr:ves c iga tion to transfer the high level implementation to a low 



level assembly language operating on a small 32 bit micrl^pmputer . It is 

,> hoped that the results will indicate that it is feasible to produce a stand 
alone board for use as data security on local area networks. (2 Refs) 
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SUMMARY: NSF Proposal 0310297 Practical yet Provably Secure Public-Key 
Primitives Victor Shoup This research addresses the fundamental building 
blocks, or primitives, of public-key cryptography, and attempts to design 
and analyze new primitives that improve the state of the art, either 
chrough increased efficiency or increased security. The objectives are to 
design new primitives suitable for publication in academic journals, as 
woll as for submission to relevant standards bodies. The methods used 
ii.'rie (1) the "reductionist" approach of modern cryptography, whereby the 
■■•*:.r^;"y or a scheme is formally reduced to the presumed intractability of 
v;- ; -.' -Lidied mathematical problems {e.g., factoring), and (2) algorithmic 
;:ues urom number theory and algebra. Public-key cryptography plays an 
- -^sv-^■:L: iai role in securing computers and communication networks. The two 
::;ciS.ic public-key primitives are public-key encryption and digital 
signatures. The first primitive allows a sender to secretly transmit a 
message to a receiver , where the sender only needs to know a public 
key (known to everyone), while only the receiver needs to know the 
corresponding secret key. The second primitive allows a signer, using a 
secret key , to generate a digital signature on a message so that the 
signature can later be verified by any party using a corresponding public 
key. Although substantial progress has been made in recent years on these 
problems, there is still more work to do, in terms of improving the 
efficiency of the schemes, reducing the strength of the intractability 
'issumpt ions , improving the quality of the security reductions, and in 
cieve loping practical distributed versions of these schemes so as to avoid a 
siiigle point of failure. These are the specific tasks taken on by this 
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A.^hor's summary: ' ' For l^fipie substitution ciphers an ^Rct 

• ':-;p r ession and bounds are derived for the message equivocation in terms 
oi the key equivocation. It is established that the message 
equivocation approaches the key equivocation exponentially fast for 
discrete memoryless sources. It is observed that the exponential behavior 
of the message equivocation is not determined by redundancy in the 
message source but by either the symbol probabilities which are closest 
in a certain sense or the sum of the two smallest symbol probabilities.'' 



